Vulnerabilities > Phpnuke > PHP Nuke > Critical

DATE CVE VULNERABILITY TITLE RISK
2008-10-28 CVE-2008-4767 Improper Input Validation vulnerability in PHP-Nuke Downloadsplus Module
Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file.
network
low complexity
phpnuke php-nuke CWE-20
critical
9.0