Vulnerability Key Information Overview Vulnerability Type: File Copying and Deletion Affected Software: PHP-Nuke, particularly version 5.2 Impact: Allows malicious users to copy and delete arbitrary files on the server Detailed Description File Manager Flaw: fails to properly prevent direct access File Path Vulnerability: Exploits automatic PHP global variables to bypass file path checks Attack Examples: - Copy file example URL: - Delete file example URL: Impact Permissions: Operations are limited by the permissions of the web server user ID File Access: Malicious users can access any directory on the server, including sensitive files such as Affected Users Version: PHP-Nuke 5.2 Installation: Installations where the web server has write permissions are affected Solution/Workaround Official: No official fix provided; no response from developer when contacted Workaround: Change file permissions or use HTTP authentication to restrict access