Approved changes feed: RSS · Atom

cpe:2.3:a:oscommerce:osc2nuke:7x_1.0:*:*:*:*:*:*:*

part: a version: 7x_1.0 update: *

VendorOscommerce (098fcb3a-981f-5eec-92bc-f7a3c45bbae2)
ProductOsc2Nuke (4fc91c35-4221-54f4-b1b0-273b09079fde)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2004-2044 vulnerable 2026-06-08 04:48:08.389379 Details available
PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possibly gain access, as demonstrated using an HTTP request that contains the "admin.php" string.
Published: 2005-05-10T04:00:00.000Z
Updated: 2024-08-08T01:15:01.619Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.