vendor:
Protector System for PHP-Nuke
by:
7.5
CVSS
HIGH
Cross-site scripting (XSS), SQL injection
79, 89
CWE
Product Name: Protector System for PHP-Nuke
Affected Version From: 1.15b1
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
Multiple vulnerabilities in Protector System for PHP-Nuke
The vulnerabilities in Protector System for PHP-Nuke allow for cross-site scripting attacks and SQL injection attacks. These vulnerabilities can be exploited to reveal sensitive information, hijack user accounts, manipulate content, and attack the underlying database.
Mitigation:
Update to a patched version of Protector System. Avoid input validation vulnerabilities and sanitize user input.