Thread: null nuke 1.2.5
View Single Post
Old 8th November 2014, 14:53   #5
dimajahiz
Junior Member
 
Join Date: Nov 2014
Posts: 3
i try to find NULL NUKE CMS v2.2 to download i got the info

=======================================================
=======================================================
=======================================================
Title: NULL NUKE CMS v2.2 Multiple Vulnerabilities
Advisory ID: ZSL-2014-5185
Type: Local/Remote
Impact: Spoofing, Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data, Cross-Site Scripting, System Access
Risk: (4/5)
Release Date: 28.04.2014

Summary
NULL-8x3-NUKE is a fast, powerful and secure cross platform CMS for windows and Linux using base or full drive paths.

Description
NULL NUKE CMS suffers from multiple remote vulnerabilities including Stored/Reflected XSS, SQL Injection, Arbitrary File Upload, RCE, Arbitrary File Deletion, Arbitrary File Access using absolute path and/or traversal, Open Redirection, Parameter Traversal, and Cross-Site Request Forgery.

Vendor
nullwanton - http://sourceforge.net/projects/nullnuke/

Affected Version
2.2 and 2.1 rc3

Tested On
Apache/2.4.7 (Win32)
PHP/5.5.6
MySQL 5.6.14

Vendor Status
N/A

PoC
nullnuke_mv.txt
Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
=======================================================
=======================================================
=======================================================

Please Update and fix the Multiple Vulnerabilities

Thanks.
dimajahiz is offline   Reply With Quote