Security Advisory

CVE-2007-1520

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2007-03-20 20:00:00

Last updated 2024-08-07 12:59:08

Assigner mitre

State PUBLISHED

Description

The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTP_REFERER, which allows remote attackers to conduct CSRF attacks.

← Browse all CVEs View on cve.org ↗