Arbitrary File Copy and Deletion Vulnerability in PHP-Nuke 5.2

Arbitrary File Copy and Deletion Vulnerability in PHP-Nuke 5.2

CVE-2001-0854 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary files by calling case.filemanager.php with admin.php as an argument, which sets the $PHP_SELF variable and makes it appear that case.filemanager.php is being called by admin.php instead of the user.

Learn more about our User Device Pen Test.