PHP Nuke Double Hex Encoded Input Validation Vulnerability

info
discussion
exploit
solution
references

PHP Nuke Double Hex Encoded Input Validation Vulnerability

PHP Nuke is prone to an input validation vulnerability. Reports indicate the script fails to correctly identify potentially dangerous characters when the characters are double hex-encoded (i.e. %25%41 == %41 == A).

A remote attacker may exploit this issue to bypass PHP Nuke protections and exploit issues that exist in the underlying PHP Nuke installation.