Unauthenticated Remote URL Modification in PHP-Nuke 4.4 and Earlier

Unauthenticated Remote URL Modification in PHP-Nuke 4.4 and Earlier

CVE-2001-0383 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to modify banner ad URLs by directly calling the Change operation, which does not require authentication.

Learn more about our Web Application Penetration Testing UK.