CVE-2011-1482
PHP-Nuke < 8.0 - Cross-Site Request Forgery via Referer Substring Comparison
Title source: llmDescription
Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a Referer check that uses a substring comparison.
References (3)
Core 3
Core References
Exploit mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/03/30/8
Various Sources x_refsource_misc
http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_cross_site_request_forgery
Exploit mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/03/23/9
Scores
EPSS
0.0064
EPSS Percentile
46.3%
Details
CWE
CWE-352
Status
published
Products (26)
phpnuke/php-nuke
5.0
phpnuke/php-nuke
5.0.1
phpnuke/php-nuke
5.1
phpnuke/php-nuke
5.2
phpnuke/php-nuke
5.3
phpnuke/php-nuke
5.3.1
phpnuke/php-nuke
5.4
phpnuke/php-nuke
5.5
phpnuke/php-nuke
5.6
phpnuke/php-nuke
6.0
... and 16 more
Published
Jun 21, 2011
Tracked Since
Feb 18, 2026