Code Execution and XSS Holes in PHP-Nuke

By N-Stalker Team on December 18, 2002

Code execution and cross-site scripting vulnerabilities have been found in PHP-Nuke 6.0, a popular but notoriously insecure web portal system which is used to run hundreds of thousands of sites. The first flaw is in the web mail module: if a user receives and reads a message with an attached file, the file is stored in a web-accessible directory under its normal name. There is no content filtering, so it would be trivial to place and execute a PHP script or other form of active content on the web server in this manner.

Furthermore, a cross-site scripting vulnerability exists in the same mail module. By combining this with the file attachment issue, an attacker could construct an e-mail that automatically executes a malicious script the moment a recipient reads the message. Check out the post on Bugtraq for a patch and sample exploit.

(N-Stalker Security Force)
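The two flaws above share a root cause: an attachment lands inside the document root under the sender's filename, and is then served in the webmail origin. The following PHP sketch is an added illustration of the usual fix, not PHP-Nuke code and not the patch posted to Bugtraq. It assumes PHP 7 or later; the storage path and both function names are hypothetical.

```php
<?php
// Added illustration; not PHP-Nuke code and not the Bugtraq patch.
// ATTACH_DIR and both function names are hypothetical.
const ATTACH_DIR = '/var/lib/webmail/attachments'; // assumed to lie outside the document root

/**
 * Store an attachment under a random, server-chosen name with no extension.
 * The sender-supplied filename is kept only as metadata and never becomes
 * part of a filesystem path, so a ".php" name cannot turn into a script URL.
 */
function store_attachment(string $bytes, string $senderName): array
{
    $id = bin2hex(random_bytes(16));                 // 32 hex chars, unguessable
    $path = ATTACH_DIR . '/' . $id;
    if (file_put_contents($path, $bytes, LOCK_EX) === false) {
        throw new RuntimeException('could not store attachment');
    }
    chmod($path, 0600);
    // Display name: drop directory parts, then anything outside a conservative set.
    $display = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($senderName));
    return ['id' => $id, 'display_name' => $display === '' ? 'attachment' : $display];
}

/**
 * Return the file as an opaque download so the browser never renders it as
 * HTML or script in the webmail origin. The caller must first check that the
 * logged-in user owns the message, and must pass the display_name returned by
 * store_attachment(), which is already safe to place in a header.
 */
function send_attachment(string $id, string $displayName): void
{
    if (!preg_match('/^[0-9a-f]{32}$/', $id)) {      // accept only IDs we generated
        http_response_code(404);
        return;
    }
    $path = ATTACH_DIR . '/' . $id;
    if (!is_file($path)) {
        http_response_code(404);
        return;
    }
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: attachment; filename="' . $displayName . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}
```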
