Exploitation Summary
EIP tracks 1 public exploit for CVE-2004-2044. PoCs published by Squid.
AI-analyzed exploit summary The provided text describes a path traversal vulnerability in PHP-Nuke, allowing unauthorized access to sensitive scripts like 'admin.php' by manipulating URLs. No actual exploit code is present, only examples of vulnerable URLs.
Description
PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possibly gain access, as demonstrated using an HTTP request that contains the "admin.php" string.
Exploits (1)
The provided text describes a path traversal vulnerability in PHP-Nuke, allowing unauthorized access to sensitive scripts like 'admin.php' by manipulating URLs. No actual exploit code is present, only examples of vulnerable URLs.