Vulnerabilities > CVE-2002-0206 - Remote Arbitrary File Include vulnerability in PHPNuke
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter.
Vulnerable Configurations
Exploit-Db
description | PHPNuke 4.x/5.x Remote Arbitrary File Include Vulnerability. CVE-2002-0206 . Webapps exploit for php platform |
id | EDB-ID:21230 |
last seen | 2016-02-02 |
modified | 2002-01-16 |
published | 2002-01-16 |
reporter | Handle Nopman |
source | https://www.exploit-db.com/download/21230/ |
title | PHPNuke 4.x/5.x - Remote Arbitrary File Include Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | PHP_NUKE_INSTALLED.NASL |
description | The remote host is running a copy of PHP-Nuke. Given the insecurity history of this package, the Nessus team recommends that you do not use it but use something else instead, as security was clearly not in the mind of the persons who wrote it. The author of PHP-Nuke (Francisco Burzi) even started to rewrite the program from scratch, given the huge number of vulnerabilities |
last seen | 2020-06-02 |
modified | 2003-02-17 |
plugin id | 11236 |
published | 2003-02-17 |
reporter | This script is Copyright (C) 2003-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/11236 |
title | PHP-Nuke Detection |
code |
|