VULHUB ™

PHP-Nuke is a website creation/maintainence tool written in PHP3. A PHP-Nuke feature supporting cycling ad banners is subject to interference from a remote user. A querystring can be submitted to an unpatched server which allows the remote user to specify a new destination URL to be opened in a visitor's browser upon clicking a PHP-nuke site's ad banner. By changing the click-through destination of a banner ad, an attacker could interfere with the target's ad-based revenue generation.

PHP-Nuke is a website creation/maintainence tool written in PHP3. A PHP-Nuke feature supporting cycling ad banners is subject to interference from a remote user. A querystring can be submitted to an unpatched server which allows the remote user to specify a new destination URL to be opened in a visitor's browser upon clicking a PHP-nuke site's ad banner. By changing the click-through destination of a banner ad, an attacker could interfere with the target's ad-based revenue generation.