PHPNuke.Search.Module.Directory.Traversal

description-logoDescription

PHPNuke Search Module has a remote file-include vulnerability. A remote attacker could execute an arbitrary script on the web server with the privileges of the server via a specially-crafted URL request to the 'modules.php' script, by using the 'file' parameter to specify a malicious PHP file from a remote system.

affected-products-logoAffected Products

PHPNUke NukeFix 3.1 for V7.8
Francisco Burzi PHP-Nuke 7.9

Impact logoImpact

System compromise.

recomended-action-logoRecommended Actions

Apply patch, available from the Web site:
PHPNuke PHPNuke-Patch.zip
http://securityreason.com/download/1/4

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

1