Description
banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to modify banner ad URLs by directly calling the Change operation, which does not require authentication.
Exploits (1)
References (4)
Core 4
Core References
Vendor Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-04/0017.html
Various Sources x_refsource_confirm
http://phpnuke.org/download.php?dcategory=Fixes
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/2544
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6342
Scores
EPSS
0.0006
EPSS Percentile
19.9%
Details
Status
published
Products (1)
francisco_burzi/php-nuke
< 4.4
Published
Jun 18, 2001
Tracked Since
Feb 18, 2026