{"vuid":"VU#221683","idnumber":"221683","name":"Input-validation vulnerability in PHP-Nuke allows arbitrary command execution via request for remote web site","keywords":["PHP-Nuke","URL input","remote command execution","malicious web site","index.php"],"overview":"PHP-Nuke has an input-validation vulnerability that can lead to execution of arbitrary PHP code hosted on another web server.","clean_desc":"PHP-Nuke is a tool designed to ease web site creation and maintenance. PHP-Nuke includes a script named index.php, which uses PHP's include() function to execute a PHP file specified in the CGI variable named \"file.\" If supplied an HTTP URL, PHP's include() function will request the file from web server as shown in the URL. Since the index.php script does not check if the \"file\" variable contains an HTTP URL before including the file, it can be made to execute arbitrary PHP code from any reachable web server.","impact":"A remote attacker can force the server to run arbitrary PHP source code, with the user same privileges as the PHP server process on the victim host.","resolution":"Apply a patch Upgrade to version 5.5 or later of PHP-Nuke.","workarounds":"Change PHP configuration Set allow_url_fopen to off in the PHP server configuration.","sysaffected":"","thanks":"Thanks to Nopman for reporting this vulnerability.","author":"This document was written by Shawn Van Ittersum.","public":["h","t","t","p",":","/","/","w","w","w",".","s","e","c","u","r","i","t","y","f","o","c","u","s",".","c","o","m","/","b","i","d","/","3","8","8","9"],"cveids":["CVE-2002-0206"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2002-01-30T00:31:29Z","publicdate":"2002-01-16T00:00:00Z","datefirstpublished":"2002-09-16T22:09:45Z","dateupdated":"2002-09-16T22:10:35Z","revision":14,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"4","cam_impact":"10","cam_easeofexploitation":"18","cam_attackeraccessrequired":"20","cam_scorecurrent":"5.4","cam_scorecurrentwidelyknown":"6.75","cam_scorecurrentwidelyknownexploited":"12.15","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":5.4,"vulnote":null}