CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
EPSS
Percentile
76.0%
Janek Vind “waraxe” reports that several issues in the
PHPNuke software may be exploited via carefully crafted
URL requests. These URLs will permit the injection of
SQL code, cookie theft, and the readability of the
PHPNuke administrator account.