Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-2018 — Burzi Php-nuke vulnerability

6 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 75.51%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Francisco Burzi Php-nuke

Timeline

PublishedDec 31

Latest updateApr 29

Description

PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x through 7.3 allows remote attackers to execute arbitrary PHP code by modifying the modpath parameter to reference a URL on a remote web server that contains the code.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDfrancisco_burzi/php-nuke15 versions+14

🔴Vulnerability Details

GHSA

GHSA-pq6c-g7jv-6vhh: PHP remote file inclusion vulnerability in index↗2022-04-29

▶

CVEList

CVE-2004-2018: PHP remote file inclusion vulnerability in index↗2005-05-10

▶

💥Exploits & PoCs

Exploit-DB

ABC2MTEX 1.6.1 - Command Line Stack Overflow↗2019-08-14

▶

Exploit-DB

MiniShare 1.4.1 - 'HEAD/POST' Remote Buffer Overflow↗2018-12-18

▶

Exploit-DB

PHP-Nuke 6.x/7.x - 'Modpath' File Inclusion↗2004-05-17

▶