PHP-Nuke 0-7 - Delete God Admin Access Control Bypass
| EKU-ID: 29763 | CVE: OSVDB-8352 | OSVDB-ID: |
| Author: Ahmad Muammar | Published: 2004-08-04 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 29763 | CVE: OSVDB-8352 | OSVDB-ID: |
| Author: Ahmad Muammar | Published: 2004-08-04 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/10861/info PHP-Nuke is reported prone to an access control bypass vulnerability. Reports indicate that a PHP-Nuke superuser may bypass access controls and privilege restrictions, to delete the PHP-Nuke "God Admin" account. This may be accomplished by making a specially crafted request for the "admin.php" script. http://www.example.com/phpnuke/admin.php?op=deladmin2&del_aid=dudul Where "dudul" is the name of the target "God Admin" account.