COMMAND

    php-nuke

SYSTEMS AFFECTED

    php-nuke all versions

PROBLEM

    Juan  Diego  posted  following.   There  are  a  bug in the banner
    section of  php-nuke which  is web  engine...   The problem is you
    can change the url banners form anywhere, to anywhere.

    Example, to change the url of the first banner yo should enter  un
    your browser

        http://target/banners.php?op=Change&bid=bannerid&url=http://where.to

    if  we  want  to   change  the  banner  number   1  to  redir   to
    www.you_are_redir we write

        http://www.foo.com/banners.php?op=Change&bid=1&url=http://you.are.redir

    where www.foo.com is the server running php-nuke.

    If You get

        A web page that states that; "You changed the URL"

    Reload your page, and click on that banner.... you are  redirected
    to other site...

SOLUTION

    A fix is available (since 8/03/2001):

        http://phpnuke.org/download.php?dcategory=Fixes