Title: PHP-Nuke Modules.PHP Denial Of Service Vulnerability
Severity: MODERATE
Description:
PHP-Nuke is a web-based portal system. Implemented in PHP, it is available for a range of systems, including Unix, Linux, and Microsoft Windows.
A denial of service vulnerability has been reported for the modules.php script used by PHP-Nuke. The vulnerability occurs because the modules.php script does not properly validate URI parameters.
An attacker can exploit this vulnerability by modifying the 'name' parameter when making a request for modules.php. This will prevent visitors to the site hosting PHP-Nuke from creating a new account thereby leading to a denial of service condition.
This vulnerability was reported for PHP-Nuke 6.0. It is not known whether earlier versions are affected.
Affected Products:
- Francisco Burzi PHP-Nuke 6.0.0
References:
- PHPNuke INP: PHPNuke INP Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
