myphpnuke version 1.8.8_final_7 and prior that contain sysinfo are
vulnerable to both css attack and phpinfo() Disclosure. The problem is that
unlike the rest of the scripts under /admin/, sysinfo's footer script
called system_footer.php does not check who the user is.
Inside system_footer.php the ...
vulnerable to both css attack and phpinfo() Disclosure. The problem is that
unlike the rest of the scripts under /admin/, sysinfo's footer script
called system_footer.php does not check who the user is.
Inside system_footer.php the ...
[ more ]