Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2008-10-28	CVE-2008-4767	Improper Input Validation vulnerability in PHP-Nuke Downloadsplus Module Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. network low complexity phpnuke php-nuke CWE-20 critical	9.0