PHPNuke.Search.Module.Directory.Traversal
Description
PHPNuke Search Module has a remote file-include vulnerability. A remote attacker could execute an arbitrary script on the web server with the privileges of the server via a specially-crafted URL request to the 'modules.php' script, by using the 'file' parameter to specify a malicious PHP file from a remote system.
Affected Products
PHPNUke NukeFix 3.1 for V7.8
Francisco Burzi PHP-Nuke 7.9
Impact
System compromise.
Recommended Actions
Apply patch, available from the Web site:
PHPNuke PHPNuke-Patch.zip
http://securityreason.com/download/1/4
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |