index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Php-nuke | Francisco_burzi | 4.0 | 4.0 |
Php-nuke | Francisco_burzi | 5.3.1 | 5.3.1 |
Php-nuke | Francisco_burzi | 5.1 | 5.1 |
Php-nuke | Francisco_burzi | 4.3 | 4.3 |
Php-nuke | Francisco_burzi | 1.0 | 1.0 |
Php-nuke | Francisco_burzi | 4.4 | 4.4 |
Php-nuke | Francisco_burzi | 2.5 | 2.5 |
Php-nuke | Francisco_burzi | 3.0 | 3.0 |
Php-nuke | Francisco_burzi | 5.0 | 5.0 |
Php-nuke | Francisco_burzi | 5.2a | 5.2a |
Php-nuke | Francisco_burzi | 5.0.1 | 5.0.1 |
Php-nuke | Francisco_burzi | 5.2 | 5.2 |
Php-nuke | Francisco_burzi | 4.4.1a | 4.4.1a |