vendor:
PHP-Nuke
by:
SecurityFocus
7.5
CVSS
HIGH
Remote Code Execution
94
CWE
Product Name: PHP-Nuke
Affected Version From: PHP-Nuke 5.0
Affected Version To: PHP-Nuke 5.2
Patch Exists: Yes
Related CWE: N/A
CPE: a:phpnuke:php-nuke
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002
PHP-Nuke Banner Ad Interference Vulnerability
A querystring can be submitted to an unpatched server which allows the remote user to specify a new destination URL to be opened in a visitor's browser upon clicking a PHP-nuke site's ad banner. By changing the click-through destination of a banner ad, an attacker could interfere with the target's ad-based revenue generation.
Mitigation:
Apply the patch provided by the vendor.