Total vulnerabilities in the database
The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTP_REFERER, which allows remote attackers to conduct CSRF attacks.
| Software | From | Fixed in |
|---|---|---|
| phpnuke / php-nuke | 5.6 | 5.6.x |
| phpnuke / php-nuke | 7.3 | 7.3.x |
| phpnuke / php-nuke | 7.4 | 7.4.x |
| phpnuke / php-nuke | 7.1 | 7.1.x |
| phpnuke / php-nuke | 7.9 | 7.9.x |
| phpnuke / php-nuke | 7.5 | 7.5.x |
| phpnuke / php-nuke | 7.2 | 7.2.x |
| phpnuke / php-nuke | 7.7 | 7.7.x |
| phpnuke / php-nuke | - | 8.0.x |
| phpnuke / php-nuke | 7.8 | 7.8.x |
| phpnuke / php-nuke | 7.0 | 7.0.x |
| phpnuke / php-nuke | 6.5 | 6.5.x |
| phpnuke / php-nuke | 7.6 | 7.6.x |