CVE-2011-1482

PHP-Nuke < 8.0 - Cross-Site Request Forgery via Referer Substring Comparison

Title source: llm
STIX 2.1

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a Referer check that uses a substring comparison.

References (3)

Core 3
Core References
Exploit mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/03/30/8
Exploit mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/03/23/9

Scores

EPSS 0.0064
EPSS Percentile 46.3%

Details

CWE
CWE-352
Status published
Products (26)
phpnuke/php-nuke 5.0
phpnuke/php-nuke 5.0.1
phpnuke/php-nuke 5.1
phpnuke/php-nuke 5.2
phpnuke/php-nuke 5.3
phpnuke/php-nuke 5.3.1
phpnuke/php-nuke 5.4
phpnuke/php-nuke 5.5
phpnuke/php-nuke 5.6
phpnuke/php-nuke 6.0
... and 16 more
Published Jun 21, 2011
Tracked Since Feb 18, 2026