CVE DATABASE / CVE-2004-1842
CVE-2004-1842
CVSS 8.8 · HIGH
Summary
Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php.
CVSS 3.1 breakdown
| Base score | 8.8 (HIGH) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Phpnuke php-nuke
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://marc.info/?l=bugtraq&m=108006309112075&w=2
- http://secunia.com/advisories/11195
- http://www.securityfocus.com/bid/9895
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15596
Data: NIST NVD. NVD last modified 2026-04-16. Always verify against the vendor advisory before acting.