Approved changes feed: RSS · Atom
cpe:2.3:a:oscommerce:osc2nuke:7x_1.0:*:*:*:*:*:*:*
part: a version: 7x_1.0 update: *
| Vendor | Oscommerce (098fcb3a-981f-5eec-92bc-f7a3c45bbae2) |
|---|---|
| Product | Osc2Nuke (4fc91c35-4221-54f4-b1b0-273b09079fde) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2004-2044 |
vulnerable | 2026-06-08 04:48:08.389379 |
Details available
PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possibly gain access, as demonstrated using an HTTP request that contains the "admin.php" string.
Published: 2005-05-10T04:00:00.000Z
Updated: 2024-08-08T01:15:01.619Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.