The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and previous versions does not ensure the SERVER superglobal is an array before validating the HTTP_REFERER, which allows remote malicious users to conduct CSRF attacks.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpnuke php-nuke 5.6 |
||
phpnuke php-nuke 7.3 |
||
phpnuke php-nuke 7.4 |
||
phpnuke php-nuke 7.1 |
||
phpnuke php-nuke 7.9 |
||
phpnuke php-nuke 7.5 |
||
phpnuke php-nuke 7.2 |
||
phpnuke php-nuke 7.7 |
||
phpnuke php-nuke |
||
phpnuke php-nuke 7.8 |
||
phpnuke php-nuke 7.0 |
||
phpnuke php-nuke 6.5 |
||
phpnuke php-nuke 7.6 |