PHP-Nuke WebMail Command Execution Vulnerability (Mailattach)


PHP-Nuke, created by Francisco Burzi, is an open-source program for creating and managing news-based Web sites. A vulnerability in the WebMail module, and in all other modules with the ability to upload files, could allow a remote attacker to include malicious PHP files.


The information has been provided by Frog Man.


Vulnerable systems:
 * PHP-Nuke version 6.0
 * PHP-Nuke version 6.5

A remote attacker can send a specially crafted URL request to the mailattach.php script that specifies a malicious PHP file from a remote system as a parameter, which would allow the attacker to execute code on the vulnerable Web server, and possibly obtain a user’s database password.

Vulnerable code:
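From the mailattach.php file:
    // $userfile and $userfile_name are used as received from the request
    if (isset($userfile) AND $userfile != "none") {
        if (ini_get('file_uploads') AND $attachments == 1) {
            $updir = "tmp";
            // copy() runs with no is_uploaded_file() check and no filename validation
            @copy($userfile, "$updir/$userfile_name");
        }
    }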
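
A hardened counterpart to the excerpt above, added here as an illustration; it is not PHP-Nuke's code and not part of the advisory. It assumes PHP 7 or later, and `ALLOWED_EXT`, `attachment_name()`, `store_attachment()`, the form field name and the directory path are hypothetical.

```php
<?php
// Added example: hardened counterpart to the mailattach.php excerpt.
// ALLOWED_EXT, attachment_name() and store_attachment() are hypothetical names.

const ALLOWED_EXT = ['txt', 'pdf', 'png', 'jpg', 'gif'];

// Derive the stored name on the server. The client-supplied name only
// contributes an allowlisted extension, so a ".php" name or a name with
// path components is never written to disk as given.
function attachment_name(string $clientName): ?string
{
    $ext = strtolower(pathinfo(basename($clientName), PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// $file is one entry of $_FILES, never a request variable naming a path or URL.
function store_attachment(array $file, string $updir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    // Rejects anything PHP did not itself receive as a POST upload: the check
    // that is absent before copy() in the vulnerable excerpt.
    if (!is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $name = attachment_name($file['name']);
    if ($name === null) {
        return null;
    }
    $dest = rtrim($updir, '/') . '/' . $name;
    return move_uploaded_file($file['tmp_name'], $dest) ? $dest : null;
}

// Constructed sample names showing which uploads the name check accepts.
foreach (['report.pdf', 'script.php', '../../index.php', 'photo.JPG'] as $n) {
    printf("%-18s => %s\n", $n, attachment_name($n) === null ? 'rejected' : 'accepted');
}

// Typical call site (assumed field name and directory):
// $path = store_attachment($_FILES['userfile'], '/var/app/attachments');
```

Keeping the attachment directory outside the web root, or configured so that nothing in it is executed as PHP, limits the impact if a file does get past these checks.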


Categories: UNIX