Serious PHPnuke vulnerability

Help Net Security has word of a serious issue with PHPnuke: “After testing just a few scripts on phpnuke I have noticed the following:

Some fields in the registration form allow code

and fail to filter out the tags.

e.g Interests: src=http://www.anything.com/defaced.gif>

Also when faking a form and posting from local file (user.php.html) after editing a few
fields like the avatar picture for example, it is possible to escape surtain dirs with the
../../../../dir/pic.gif in the options field.”

RELATED ARTICLESMORE FROM AUTHOR

Maintainer Confidential: Challenges and Opportunities One Year On

Bridging Design and Runtime Gaps: AsyncAPI in Event-Driven Architecture

Implementing OpenTelemetry Natively in an Event Broker

Innovation as a Catalyst in Telecommunications

Linux 6.8 Brings More Sound Hardware Support For Intel & AMD, Including The Steam Deck

RELATED ARTICLES MORE FROM AUTHOR