banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to modify banner ad URLs by directly calling the Change operation, which does not require authentication.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.065
EPSS Ranking 92.9%