PHP-Nuke CVE-2007-1520 Cross-Site Request Forgery Vulnerability

PHP-Nuke CVE-2007-1520 Cross-Site Request Forgery Vulnerability

PHP-Nuke is prone to a cross-site request forgery vulnerability. The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTP_REFERER, which allows remote attackers to conduct CSRF attacks.