header-logo
Suggest Exploit
vendor:
PHP-Nuke
by:
SecurityFocus
7.5
CVSS
HIGH
File Disclosure
200
CWE
Product Name: PHP-Nuke
Affected Version From: 6.5
Affected Version To: 6.5
Patch Exists: YES
Related CWE: N/A
CPE: a:phpnuke:php-nuke
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

PHP-Nuke File Disclosure Vulnerability

PHP-Nuke has been reported prone to a file disclosure vulnerability when using the viewpage.php addon. It has been reported that PHP-Nuke may disclose arbitrary web server readable files under certain circumstances. It should be noted that this issue reportedly affects PHP-Nuke version 6.5 when running a specific configuration, however other versions may also be affected.

Mitigation:

Ensure that the viewpage.php addon is not accessible to unauthenticated users.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7191/info

PHP-Nuke has been reported prone to a file disclosure vulnerability when using the viewpage.php addon.

It has been reported that PHP-Nuke may disclose arbitrary web server readable files under certain circumstances.

It should be noted that this issue reportedly affects PHP-Nuke version 6.5 when running a specific configuration, however other versions may also be affected.

http://www.example.com/viewpage.php?file=/etc/passwd

Navigation

Suggest Exploit

Services By CQR