Description
index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Handle Nopman · textwebappsphp
https://www.exploit-db.com/exploits/21230
References (4)
Core 4
Core References
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/221683
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/7914
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/3889
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=101121913914205&w=2
Scores
EPSS
0.0059
EPSS Percentile
69.3%
Details
Status
published
Products (13)
francisco_burzi/php-nuke
1.0
francisco_burzi/php-nuke
2.5
francisco_burzi/php-nuke
3.0
francisco_burzi/php-nuke
4.0
francisco_burzi/php-nuke
4.3
francisco_burzi/php-nuke
4.4
francisco_burzi/php-nuke
4.4.1a
francisco_burzi/php-nuke
5.0
francisco_burzi/php-nuke
5.0.1
francisco_burzi/php-nuke
5.1
... and 3 more
Published
May 16, 2002
Tracked Since
Feb 18, 2026