Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.0059Percentile:
0.68199
CVSS Scoring
CVSS v3.1 Score: 8.8
Severity: HIGH
Mapped CWE(s)
CWE-352
: Cross-Site Request Forgery (CSRF)
All CAPEC(s)
CAPEC-111 : JSON Hijacking (aka JavaScript Hijacking)
CAPEC-462 : Cross-Domain Search Timing
CAPEC-467 : Cross Site Identification
CAPEC-62 : Cross Site Request Forgery
CAPEC(s) with Mapped TTPs
Mapped ATT&CK TTPs
Affected Products
cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*
← Back to Home
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me