PHP-Nuke - Unauthenticated Privilege Escalation via Missing Parameter Validation
admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke administrator password, which allows remote attackers to gain privileges by requesting a URL that does not specify the aid or pwd parameter.