CVE-2004-2018 | Vulnerability Database | Aqua Security

PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x through 7.3 allows remote attackers to execute arbitrary PHP code by modifying the modpath parameter to reference a URL on a remote web server that contains the code.

Affected Software

Name	Vendor	Start Version	End Version
Php-nuke	Francisco_burzi	6.0 (including)	6.0 (including)
Php-nuke	Francisco_burzi	6.5 (including)	6.5 (including)
Php-nuke	Francisco_burzi	6.5_beta1 (including)	6.5_beta1 (including)
Php-nuke	Francisco_burzi	6.5_final (including)	6.5_final (including)
Php-nuke	Francisco_burzi	6.5_rc1 (including)	6.5_rc1 (including)
Php-nuke	Francisco_burzi	6.5_rc2 (including)	6.5_rc2 (including)
Php-nuke	Francisco_burzi	6.5_rc3 (including)	6.5_rc3 (including)
Php-nuke	Francisco_burzi	6.6 (including)	6.6 (including)
Php-nuke	Francisco_burzi	6.7 (including)	6.7 (including)
Php-nuke	Francisco_burzi	6.9 (including)	6.9 (including)
Php-nuke	Francisco_burzi	7.0 (including)	7.0 (including)
Php-nuke	Francisco_burzi	7.0_final (including)	7.0_final (including)
Php-nuke	Francisco_burzi	7.1 (including)	7.1 (including)
Php-nuke	Francisco_burzi	7.2 (including)	7.2 (including)
Php-nuke	Francisco_burzi	7.3 (including)	7.3 (including)

References

http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0870.html
http://marc.info/?l=bugtraq\u0026m=108482888621896\u0026w=2
http://secunia.com/advisories/11625
http://www.osvdb.org/6222
http://www.securityfocus.com/bid/10365
http://www.waraxe.us/index.php?modname=sa\u0026id=29
https://exchange.xforce.ibmcloud.com/vulnerabilities/16218

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-2018
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html