phpNuke Security Alert - ALL VERSIONS

Posted on Friday, January 04, 2008 @ 13:07:24 PST in Security
by Raven

guardian2003 writes:  
It is unfortunate that I have to start the New Year with this news item but I would be failing the members of this community if I did not bring it to your attention.

There exists a vulnerability in virgin phpNuke which affects ALL versions as far as I have been able to ascertain. This vulnerability was reported to the author when phpNuke 7.6 was released and still remains within the virgin code even in the current version (phpNuke 8.1).
One can only conclude that the author is happy with a potential 3,020,000 affected sites**.

The vulnerability allows anonymous users to bypass the security code in order for them to create an account and/or post in the forums.
Please - ensure you have the latest patches or upgrade to RavenNuke.

RavenNuke™ is not susceptible to this exploit as it uses a proper CAPTCHA.

My thanks to for reminding me of this vulnerability.

** - Figure based on a Google search for "powered by PHP-Nuke" which is exactly how they'll find you!
Do not become one of the other statistics!
RavenNuke™ is not susceptible to this exploit
click Related        click Share
Associated Topics

News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 369,832,371
  • Today: 47,015
Server InfoServer Info
  • Oct 21, 2018
  • 01:34 pm PDT

Daily Inspiration