PHP Nuke Remote Ad Banner URL Change Vulnerability
PHP-Nuke is a website creation/maintainence tool written in PHP3.
A PHP-Nuke feature supporting cycling ad banners is subject to interference from a remote user.
A querystring can be submitted to an unpatched server which allows the remote user to specify a new destination URL to be opened in a visitor's browser upon clicking a PHP-nuke site's ad banner.
By changing the click-through destination of a banner ad, an attacker could interfere with the target's ad-based revenue generation.