CVE-2007-1520
Severity CVSS v4.0:
Pending analysis
Type:
CWE-352
Cross-Site Request Forgery (CSRF)
Publication date:
20/03/2007
Last modified:
09/04/2025
Description
The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTP_REFERER, which allows remote attackers to conduct CSRF attacks.
Impact
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:* | 8.0 (including) | |
| cpe:2.3:a:phpnuke:php-nuke:5.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phpnuke:php-nuke:6.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phpnuke:php-nuke:7.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phpnuke:php-nuke:7.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phpnuke:php-nuke:7.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phpnuke:php-nuke:7.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phpnuke:php-nuke:7.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phpnuke:php-nuke:7.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phpnuke:php-nuke:7.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phpnuke:php-nuke:7.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phpnuke:php-nuke:7.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phpnuke:php-nuke:7.9:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://osvdb.org/34501
- http://phpfi.com/214668
- http://secunia.com/advisories/24629
- http://www.securityfocus.com/archive/1/462308/100/100/threaded
- http://www.securityfocus.com/archive/1/462575/100/0/threaded
- http://www.securityfocus.com/archive/1/462727/100/0/threaded
- http://www.ush.it/2007/03/09/php-nuke-wild-post-xss/
- http://www.wisec.it/ush/phpnukexss.html
- http://osvdb.org/34501
- http://phpfi.com/214668
- http://secunia.com/advisories/24629
- http://www.securityfocus.com/archive/1/462308/100/100/threaded
- http://www.securityfocus.com/archive/1/462575/100/0/threaded
- http://www.securityfocus.com/archive/1/462727/100/0/threaded
- http://www.ush.it/2007/03/09/php-nuke-wild-post-xss/
- http://www.wisec.it/ush/phpnukexss.html