phpNuke Security Alert - ALL VERSIONS

Posted on Friday, January 04, 2008 @ 13:07:24 PST in Security
by Raven

guardian2003 writes:  
It is unfortunate that I have to start the New Year with this news item but I would be failing the members of this community if I did not bring it to your attention.

There exists a vulnerability in virgin phpNuke which affects ALL versions as far as I have been able to ascertain. This vulnerability was reported to the author when phpNuke 7.6 was released and still remains within the virgin code even in the current version (phpNuke 8.1).
One can only conclude that the author is happy with a potential 3,020,000 affected sites**.

The vulnerability allows anonymous users to bypass the security code in order for them to create an account and/or post in the forums.
Please - ensure you have the latest patches or upgrade to RavenNuke.

RavenNuke™ is not susceptible to this exploit as it uses a proper CAPTCHA.

My thanks to http://websecurity.com.ua for reminding me of this vulnerability.

** - Figure based on a Google search for "powered by PHP-Nuke" which is exactly how they'll find you!
Do not become one of the other statistics!
Note:
RavenNuke™ is not susceptible to this exploit
 
 
click Related        click Share
 
 
Associated Topics

PHP-Nuke
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 362,004,366
  • Today: 118,188
Server InfoServer Info
  • Jul 20, 2018
  • 12:03 am PDT
 
 

Daily Inspiration