Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
PHP-Nuke copying files security vulnerability (admin.php)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Determine if a remote host is vulnerable to the admin.php vulnerability in PHP-Nuke.
Insight
Insight
The remote host seems to be vulnerable to a security problem in PHP-Nuke (admin.php). The vulnerability is caused by inadequate processing of queries by PHP-Nuke's admin.php which enables attackers to copy any file from the operating system to anywhere else on the operating system.
Affected Software
Affected Software
PHP-Nuke 5.2 and earlier, except 5.0RC1
Detection Method
Detection Method
Try to upload a file and checks if it is accessible afterwards.
Solution
Solution
Upgrade to Version 5.3 or above. As a workaround change the following lines in admin.php: if($upload) To: if(($upload) && ($admintest))