
PHP-Nuke mail CRLF Injection vulnerabilities
Author: Ravish Ahuja
Added: 12/21/2002
Type: Advisory
Introduction

PROGRAM: PHP-Nuke
VENDOR: Francisco Burzi et al.
VULNERABLE VERSIONS: 6.0 (the only supported version)
IMMUNE VERSIONS: 6.0 with my patch applied
LOGIN REQUIRED: no


DESCRIPTION:

"PHP-Nuke is a Web portal and online community system which
includes Web-based administration, surveys, access statistics,
user customizable boxes, a themes manager for registered users,
friendly administration GUI with graphic topic manager, the
ability to edit or delete stories, an option to delete comments,
a moderation system, referer tracking, integrated banner ad system,
search engine, backend/headlines generation (RSS/RDF format), Web
directory like Yahoo, events manager, and support for 20+ languages."

(direct quote from the program's project page at Freshmeat)

PHP-Nuke is published under the terms of the GNU General Public
License. It is a very popular program with lots and lots of
installations. It is included as one of the packages in Debian
GNU/Linux and one of FreeBSD's ports.

Despite all this, the program has a bad reputation regarding
security matters.



Copyright Linux Advisory 2003. All rights reserved.