Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-2044

4 documents4 sources

Severity

7.5HIGH

EPSS

1.1%

top 22.20%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Francisco Burzi Php-nuke Oscommerce Osc2nuke Paul Laudanski Betanc Php-nuke +1 more

Timeline

PublishedJun 1

Latest updateApr 29

Description

PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possibly gain access, as demonstrated using an HTTP request that contains the "admin.php" string.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

▶NVDoscommerce/osc2nuke7x_1.0

▶NVDpaul_laudanski/betanc_php-nukebundle

▶NVDfrancisco_burzi/php-nuke24 versions+23

▶NVDtrustix/secure_linux2.0, 2.1+1

🔴Vulnerability Details

GHSA

GHSA-wgxc-xgrr-4f53: PHP-Nuke 7↗2022-04-29

▶

CVEList

CVE-2004-2044: PHP-Nuke 7↗2005-05-10

▶

💥Exploits & PoCs

Exploit-DB

PHP-Nuke 5.x/6.x/7.x - Direct Script Access Security Bypass↗2004-06-01

▶