CVE Vulnerabilities

CVE-2004-2044

Published: Jun 01, 2004 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER[PHP_SELF] to identify the calling script, which allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possibly gain access, as demonstrated using an HTTP request that contains the admin.php string.

Affected Software

Name Vendor Start Version End Version
Php-nuke Francisco_burzi 5.0 5.0
Php-nuke Francisco_burzi 5.0.1 5.0.1
Php-nuke Francisco_burzi 5.1 5.1
Php-nuke Francisco_burzi 5.2 5.2
Php-nuke Francisco_burzi 5.2a 5.2a
Php-nuke Francisco_burzi 5.3.1 5.3.1
Php-nuke Francisco_burzi 5.4 5.4
Php-nuke Francisco_burzi 5.5 5.5
Php-nuke Francisco_burzi 5.6 5.6
Php-nuke Francisco_burzi 6.0 6.0
Php-nuke Francisco_burzi 6.5 6.5
Php-nuke Francisco_burzi 6.5_beta1 6.5_beta1
Php-nuke Francisco_burzi 6.5_final 6.5_final
Php-nuke Francisco_burzi 6.5_rc1 6.5_rc1
Php-nuke Francisco_burzi 6.5_rc2 6.5_rc2
Php-nuke Francisco_burzi 6.5_rc3 6.5_rc3
Php-nuke Francisco_burzi 6.6 6.6
Php-nuke Francisco_burzi 6.7 6.7
Php-nuke Francisco_burzi 6.9 6.9
Php-nuke Francisco_burzi 7.0 7.0
Php-nuke Francisco_burzi 7.0_final 7.0_final
Php-nuke Francisco_burzi 7.1 7.1
Php-nuke Francisco_burzi 7.2 7.2
Php-nuke Francisco_burzi 7.3 7.3
Osc2nuke Oscommerce 7x_1.0 7x_1.0
Betanc_php-nuke Paul_laudanski bundle bundle

References