Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a Referer check that uses a substring comparison.
Max CVSS
6.8
EPSS Score
0.21%
Published
2011-06-21
Updated
2018-08-13
The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTP_REFERER, which allows remote attackers to conduct CSRF attacks.
Max CVSS
6.8
EPSS Score
2.63%
Published
2007-03-20
Updated
2018-10-16
Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php.
Max CVSS
8.8
EPSS Score
0.61%
Published
2004-12-31
Updated
2024-02-08
3 vulnerabilities found