|
|
CVE Reference: CVE-2007-1520 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-1520 |
|
|
Description: The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTP_REFERER, which allows remote attackers to conduct CSRF attacks. |
|
|
CVE Status: Candidate |
|
|
References: SAID Secunia Advisory: SA24629 OSVDB 34501 MISC http://www.wisec.it/ush/phpnukexss.html http://phpfi.com/214668 http://www.ush.it/2007/03/09/php-nuke-wild-post-xss/ BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/462727/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/462575/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/462308/100/100/threaded |
|
| Return to the previous page. |
