CVE-2009-0674

RavenNuke 2.30 - Path Disclosure via aFonts Array Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0674. PoCs published by waraxe.

AI-analyzed exploit summary This advisory details multiple vulnerabilities in RavenNuke 2.3.0, including remote PHP code execution via uninitialized arrays in 'avatarlist.php' and insecure 'eval()' usage in the 'Your Account' module, SQL injection in the 'Resend_Email' module, and local file detection in 'captcha.php'. It provides technical analysis, vulnerable code fragments, and proof-of-concept test cases.

Description

images/captcha.php in Raven Web Services RavenNuke 2.30, when register_globals and display_errors are enabled, allows remote attackers to determine the existence of local files by sending requests with full pathnames in the aFonts array parameter, and then observing the error messages, which differ between existing and nonexistent pathnames.

Exploits (1)

exploitdb WRITEUP VERIFIED
by waraxe · textwebappsphp
https://www.exploit-db.com/exploits/8068

This advisory details multiple vulnerabilities in RavenNuke 2.3.0, including remote PHP code execution via uninitialized arrays in 'avatarlist.php' and insecure 'eval()' usage in the 'Your Account' module, SQL injection in the 'Resend_Email' module, and local file detection in 'captcha.php'. It provides technical analysis, vulnerable code fragments, and proof-of-concept test cases.

Classification
Writeup 100%
Attack Type
Rce | Sqli | Info Leak
Complexity
Moderate
Reliability
Reliable
Target: RavenNuke 2.3.0
Auth required
Prerequisites: Attacker must be logged in as a user for some exploits · Admin rights required for certain vulnerabilities
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/33787
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/48792
Vendor Advisory x_refsource_confirm
http://ravenphpscripts.com/postt17156.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/48983
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/500988/100/0/threaded
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8068
Exploit x_refsource_misc
http://www.waraxe.us/advisory-72.html

Scores

EPSS 0.0228
EPSS Percentile 80.9%

Details

CWE
CWE-94
Status published
Products (1)
ravenphpscripts/ravennuke 2.30
Published Feb 22, 2009
Tracked Since Feb 18, 2026