VULHUB ™

PHP-Nuke存在全局变量重写漏洞，远程攻击者可通过修改传给管理脚本(1) index.php，(2) admin_ug_auth.php，(3) admin_board.php，(4) admin_disallow.php，(5) admin_forumauth.php，(6) admin_groups.php，(7) admin_ranks.php，(8) admin_styles.php，(9) admin_user_ban.php，(10) admin_words.php，(11) admin_avatar.php，(12) admin_db_utilities.php，(13) admin_forum_prune.php，(14) admin_forums.php，(15) admin_mass_email.php，(16) admin_smilies.php，(17) admin_ug_auth.php和(18) admin_users.php(在$phpbb_root_path初始化为静态值之后，执行import_request_variables函数时，重写$phpbb_root_path)的phpbb_root_path参数来发起远程PHP文件包含攻击。

PHP-Nuke存在全局变量重写漏洞，远程攻击者可通过修改传给管理脚本(1) index.php，(2) admin_ug_auth.php，(3) admin_board.php，(4) admin_disallow.php，(5) admin_forumauth.php，(6) admin_groups.php，(7) admin_ranks.php，(8) admin_styles.php，(9) admin_user_ban.php，(10) admin_words.php，(11) admin_avatar.php，(12) admin_db_utilities.php，(13) admin_forum_prune.php，(14) admin_forums.php，(15) admin_mass_email.php，(16) admin_smilies.php，(17) admin_ug_auth.php和(18) admin_users.php(在$phpbb_root_path初始化为静态值之后，执行import_request_variables函数时，重写$phpbb_root_path)的phpbb_root_path参数来发起远程PHP文件包含攻击。