PHP-Nuke Delete God Admin Access Control Bypass Vulnerability

PHP-Nuke is reported prone to an access control bypass vulnerability.

Reports indicate that a PHP-Nuke superuser may bypass access controls and privilege restrictions, to delete the PHP-Nuke "God Admin" account. This may be accomplished by making a specially crafted request for the "admin.php" script.


 

Privacy Statement
Copyright 2010, SecurityFocus