PHPDeveloper: PHP News, Views and Community

Subscribe

@phpdeveloper.org

News Archive

Community News: Latest PECL Releases (06.17.2025)

Community News: Latest PECL Releases (06.10.2025)

Community News: Latest PECL Releases (06.03.2025)

Community News: Latest PECL Releases (05.27.2025)

Community News: Latest PEAR Releases (05.26.2025)

Community News: Latest PECL Releases (05.20.2025)

Community News: Latest PECL Releases (05.13.2025)

Community News: Latest PECL Releases (05.06.2025)

Community News: Latest PECL Releases (04.29.2025)

Community News: Latest PECL Releases (04.22.2025)

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Community News:
Security Warning for PHP-Nuke

byChris Cornutt Jun 15, 2004 @ 12:12:25

Once again, Secunia.com is reporting some bugs in PHP-Nuke that could allow malicious users to conduct cross-site scripting attacks, disclose path information, and cause a DoS (Denial of Service).

There are four ways discovered that could allow this to happen, including input validation errors (leading to SQL injections or the like) and the passing of invalid input to certain functions.

These vulnerabilities are an issue for PHP-Nuke versions 6.x and 7.x. It's not as critical as others, but can still be dangerous for anyone chosing to use this software. And, of course, their solution is always good for a laugh:

Solution: Use another product.

tagged:

Link: