CVE-2001-0383

PHP-Nuke < 4.4 - Unauthenticated Banner URL Modification via Direct Change Operation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0383. PoCs published by Juan Diego.

AI-analyzed exploit summary This is a writeup describing a vulnerability in PHP-Nuke's banner ad feature, allowing an attacker to modify the destination URL of ad banners via a crafted querystring. No actual exploit code is provided, only a description of the attack vector.

Description

banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to modify banner ad URLs by directly calling the Change operation, which does not require authentication.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Juan Diego · textwebappsphp
https://www.exploit-db.com/exploits/20729

This is a writeup describing a vulnerability in PHP-Nuke's banner ad feature, allowing an attacker to modify the destination URL of ad banners via a crafted querystring. No actual exploit code is provided, only a description of the attack vector.

Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: PHP-Nuke (unspecified version)
No auth needed
Prerequisites: Access to the target's banners.php endpoint
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-04/0017.html
Various Sources x_refsource_confirm
http://phpnuke.org/download.php?dcategory=Fixes
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2544
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6342

Scores

EPSS 0.0645
EPSS Percentile 92.9%

Details

Status published
Products (1)
francisco_burzi/php-nuke < 4.4
Published Jun 18, 2001
Tracked Since Feb 18, 2026