Vulnerabilities > CVE-2005-1180 - Remote Security vulnerability in Francisco Burzi PHP-Nuke 7.6

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

francisco-burzi

NVD

Published: 2005-05-02

Updated: 2017-07-11

Summary

HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuke 7.6 allows remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the forwarder parameter.

Vulnerable Configurations

Part	Description	Count
Application	Francisco_Burzi Francisco Burzi PHP Nuke * Francisco Burzi PHP Nuke 7.6	2

References

http://marc.info/?l=bugtraq&m=111359804013536&w=2
http://secunia.com/advisories/14965
http://www.digitalparadox.org/advisories/pnuke.txt
http://www.osvdb.org/15647
https://exchange.xforce.ibmcloud.com/vulnerabilities/20116