CVE-2007-1520 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-1520
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-1520

Description: The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTP_REFERER, which allows remote attackers to conduct CSRF attacks.

CVE Status: Candidate

References: SAID Secunia Advisory: SA24629 OSVDB 34501 MISC http://www.wisec.it/ush/phpnukexss.html http://phpfi.com/214668 http://www.ush.it/2007/03/09/php-nuke-wild-post-xss/ BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/462727/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/462575/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/462308/100/100/threaded

Return to the previous page.