PHP Nuke 5.4 + index.php still vulnerable !
Source: SentryLabs
This advisory is provided by www.sentry-labs.com. The Inclusion Bug Allows a Remote User to Specify and Execute Remotely Stored PHP Scripts on the PHP-Nuke Server (yet again). The first index.php issue discovered by Nopman (bid 3889) was patched quiete after it was reported, but the patch is still vulnerable to a similar kind of attack.
Vendor Status:
Informed (01/22/02) respoded and promised that this bug will be fixed in the new version which is to be released soon. Please see workaround to prevent exploiting until this happens.
Vendor URL: