MyPHPNuke Phptonuke.php Directory Traversal Network Vulnerability

Summary

The remote web server contains a PHP script that allows for reading of arbitrary files. Description : The version of myPHPNuke installed on the remote host allows anyone to read arbitrary files by passing the full filename to the 'filnavn' argument of the 'phptonuke.php' script.

Solution

Upgrade to the latest version.

References

http://marc.theaimsgroup.com/?l=bugtraq&m=103480589031537&w=2

Updated on 2015-03-25

Severity

Classification

CVE CVE-2002-1913

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability
Apache Tomcat Directory Listing and File disclosure

myPHPNuke phptonuke.php Directory Traversal

Take action and discover your vulnerabilities