Inadequate Security Checking in PHP-Nuke Flavors
Date: Friday, June 04 @ 14:09:44 CEST
Topic: Security


OSC2Nuke "is an open source project combining the functionality of PHPNuke's portal system with OSCommerce's shopping cart software. Run by the Dreamlite development team, this project has been active since mid-2003. OSCNukeLite is the predecessor of OSC2Nuke". Due to inadequate security checks, the product can be made vulnerable to file inclusion attacks, SQL injection, path disclosure, etc.

Full report Securiteam

NukeCops Beta PHP-Nuke is a fork of PhpNuke which has been customized with some additional functionality and corrective code to eliminate user reported software bugs. Created in mid-2003, this open source portal software is maintained by the "official" PhpNuke developers at NukeCops (http://www.nukecops.com/).

PHP-Nuke is a very popular open source portal software for building dynamic websites. It is a fork of Thatware and has been under active development since mid-2000. Over the years, PhpNuke itself has spawned a number of software forks.

Each flavor has its own somewhat different issues.





This article comes from NukeCops
http://www.nukecops.com

The URL for this story is:
http://www.nukecops.com/modules.php?name=News&file=article&sid=2230