Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a Referer check that uses a substring comparison.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHP-Nuke mainfile.php跨站请求伪造漏洞
Vulnerability Description
PHP-Nuke是一套基于Web的自动化新闻发布和内容管理系统。该系统包含新闻主题、文件下载、论坛管理等模块。 PHP-Nuke 8.0及早期版本中的mainfile.php中存在多个跨站请求伪造漏洞。远程攻击者可利用该漏洞劫持管理员请求添加用户账户或者授予用户账户管理员权限的认证。
CVSS Information
N/A
Vulnerability Type
N/A