Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting (XSS) vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHP-Nuke CookieDecode远程跨站脚本漏洞
Vulnerability Description
PHP-Nuke是一个广为流行的网站创建和管理工具,它可以使用很多数据库软件作为后端,比如MySQL、PostgreSQL、mSQL、Interbase、Sybase等。 PHP-Nuke包含的mainfile.php脚本cookiedecode()函数对用户提交输入缺少充分过滤,远程攻击者可以利用这个漏洞进行跨站脚本攻击,可获得用户敏感信息。 'cookiedecode()'函数不正确过滤用户提供的cookie参数,攻击者构建恶意连接,诱使用户访问,可导致恶意代码在用户浏览器上执行,使攻击者获得目标用户
CVSS Information
N/A
Vulnerability Type
N/A