CVE-2002-0206
PHP-Nuke <= 5.3.1 - Remote Code Execution via File Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2002-0206. PoCs published by Handle Nopman.
AI-analyzed exploit summary This exploit demonstrates a remote file inclusion (RFI) vulnerability in PHPNuke's 'index.php' script, allowing an attacker to execute arbitrary commands on the server by including a malicious PHP file from a remote server. The PoC provides a clear example of how to exploit this vulnerability to achieve remote code execution (RCE).
Description
index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter.
Exploits (1)
This exploit demonstrates a remote file inclusion (RFI) vulnerability in PHPNuke's 'index.php' script, allowing an attacker to execute arbitrary commands on the server by including a malicious PHP file from a remote server. The PoC provides a clear example of how to exploit this vulnerability to achieve remote code execution (RCE).