Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and previous versions allow remote malicious users to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a Referer check that uses a substring comparison.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpnuke php-nuke 5.6 |
||
phpnuke php-nuke 7.3 |
||
phpnuke php-nuke 7.4 |
||
phpnuke php-nuke 7.1 |
||
phpnuke php-nuke 5.0.1 |
||
phpnuke php-nuke 5.5 |
||
phpnuke php-nuke 7.9 |
||
phpnuke php-nuke 5.3 |
||
phpnuke php-nuke 6.9 |
||
phpnuke php-nuke 5.3.1 |
||
phpnuke php-nuke 5.0 |
||
phpnuke php-nuke 6.8 |
||
phpnuke php-nuke 6.6 |
||
phpnuke php-nuke 7.5 |
||
phpnuke php-nuke 7.2 |
||
phpnuke php-nuke 7.7 |
||
phpnuke php-nuke |
||
phpnuke php-nuke 5.2 |
||
phpnuke php-nuke 7.8 |
||
phpnuke php-nuke 6.0 |
||
phpnuke php-nuke 6.7 |
||
phpnuke php-nuke 7.0 |
||
phpnuke php-nuke 6.5 |
||
phpnuke php-nuke 5.1 |
||
phpnuke php-nuke 7.6 |
||
phpnuke php-nuke 5.4 |