PROGRAM: PHP-Nuke
VENDOR: Francisco Burzi et al.
VULNERABLE VERSIONS: 6.0 (the only supported version)
IMMUNE VERSIONS: 6.0 with my patch applied
LOGIN REQUIRED: no
DESCRIPTION:
"PHP-Nuke is a Web portal and online community system which
includes Web-based administration, surveys, access statistics,
user customizable boxes, a themes manager for registered users,
friendly administration GUI with graphic topic manager, the
ability to edit or delete stories, an option to delete comments,
a moderation system, referer tracking, integrated banner ad system,
search engine, backend/headlines generation (RSS/RDF format), Web
directory like Yahoo, events manager, and support for 20+ languages."
(direct quote from the program's project page at Freshmeat)

PHP-Nuke is published under the terms of the GNU General Public
License. It is a very popular program with lots and lots of
installations. It is included as one of the packages in Debian
GNU/Linux and one of FreeBSD's ports.

Despite all this, the program has a bad reputation regarding
security matters.