PHP-Nuke Vulnerability

The Neo Security Team reports a new vulnerability in PHP-Nuke for all versions of 7.9 and below. This was discovered by Paisterist.

In /modules/Journal/search.php the “forwhat” variable is not sanitized correctly

The vulnerability is reported to be Mildly Critical. However, it is best to get this patched.

PHP-Nuke has released version 8.0 for paid members. So if you are a free user then you will need to apply the patch.

Patch details are on the advisory page.

About Ajay

A die-hard blogger, web developer, biker, singer, geek, non-stop talker, foodie, movie freak are just some of the words that begin to describe me.

• 
• 
• 
•