Back to search
CVE-2004-2044
Published: May 10, 2005
Modified: Aug 8, 2024
PUBLISHED
Description
PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possibly gain access, as demonstrated using an HTTP request that contains the "admin.php" string.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20040601 [Squid 2004-betaNC-001] Inadequate Security Checking in NukeCops betaNC Bundle
mailing-list
x_refsource_BUGTRAQ
nukecops-ergei-path-disclosure(16298)
vdb-entry
x_refsource_XF
20040601 [Squid 2004-OSC2Nuke-001] Inadequate Security Checking in OSC2Nuke
mailing-list
x_refsource_BUGTRAQ
phpnuke-eregi-path-disclosure(16294)
vdb-entry
x_refsource_XF
oscnukelite-eregi-path-disclosure(16297)
vdb-entry
x_refsource_XF
6593
vdb-entry
x_refsource_OSVDB
20040606 Re: [Squid 2004-Nuke-001] Inadequate Security Checking in PHPNuke
mailing-list
x_refsource_BUGTRAQ
10447
vdb-entry
x_refsource_BID
20040601 [Squid 2004-betaNC-001] Inadequate Security Checking in NukeCops
mailing-list
x_refsource_BUGTRAQ
osc2nuke-eregi-path-disclosure(16296)
vdb-entry
x_refsource_XF
11766
third-party-advisory
x_refsource_SECUNIA
20040601 [Squid 2004-Nuke-001] Inadequate Security Checking in PHPNuke
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now