PHP-Nuke Vulnerability

The Neo Security Team reports a new vulnerability in PHP-Nuke for all versions of 7.9 and below. This was discovered by Paisterist.

In /modules/Journal/search.php the “forwhat” variable is not sanitized correctly

The vulnerability is reported to be Mildly Critical. However, it is best to get this patched.

PHP-Nuke has released version 8.0 for paid members. So if you are a free user then you will need to apply the patch.

Patch details are on the advisory page.

Advertisements
Posted in: PHP

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.