CVE-2007-1520

Phpnuke Php-nuke < 8.0 - CSRF

Title source: rule

Description

The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTP_REFERER, which allows remote attackers to conduct CSRF attacks.

References (8)

Scores

EPSS 0.0065
EPSS Percentile 70.5%

Classification

CWE
CWE-352
Status draft

Affected Products (13)

phpnuke/php-nuke < 8.0
phpnuke/php-nuke
phpnuke/php-nuke
phpnuke/php-nuke
phpnuke/php-nuke
phpnuke/php-nuke
phpnuke/php-nuke
phpnuke/php-nuke
phpnuke/php-nuke
phpnuke/php-nuke
phpnuke/php-nuke
phpnuke/php-nuke
phpnuke/php-nuke

Timeline

Published Mar 20, 2007
Tracked Since Feb 18, 2026