Total vulnerabilities in the database
index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter.
| Software | From | Fixed in |
|---|---|---|
| francisco_burzi / php-nuke | 4.0 | 4.0.x |
| francisco_burzi / php-nuke | 5.3.1 | 5.3.1.x |
| francisco_burzi / php-nuke | 5.1 | 5.1.x |
| francisco_burzi / php-nuke | 4.3 | 4.3.x |
| francisco_burzi / php-nuke | 1.0 | 1.0.x |
| francisco_burzi / php-nuke | 4.4 | 4.4.x |
| francisco_burzi / php-nuke | 2.5 | 2.5.x |
| francisco_burzi / php-nuke | 3.0 | 3.0.x |
| francisco_burzi / php-nuke | 5.0 | 5.0.x |
| francisco_burzi / php-nuke | 5.2a | 5.2a.x |
| francisco_burzi / php-nuke | 5.0.1 | 5.0.1.x |
| francisco_burzi / php-nuke | 5.2 | 5.2.x |
| francisco_burzi / php-nuke | 4.4.1a | 4.4.1a.x |