header-logo
Suggest Exploit
vendor:
Protector System for PHP-Nuke
by:
7.5
CVSS
HIGH
Cross-site scripting (XSS), SQL injection
79, 89
CWE
Product Name: Protector System for PHP-Nuke
Affected Version From: 1.15b1
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Multiple vulnerabilities in Protector System for PHP-Nuke

The vulnerabilities in Protector System for PHP-Nuke allow for cross-site scripting attacks and SQL injection attacks. These vulnerabilities can be exploited to reveal sensitive information, hijack user accounts, manipulate content, and attack the underlying database.

Mitigation:

Update to a patched version of Protector System. Avoid input validation vulnerabilities and sanitize user input.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10206/info
 
Multiple vulnerabilities were reported to exist in Protector System, which is a third-party module for PHP-Nuke. Cross-site scripting and SQL injection vulnerabilities were reported.
 
Exploitation of these issues may reveal sensitive information, allow for account hijacking, content manipulation and attacks against the underlying database.
 
These issues were reported to exist in Protector System 1.15b1. Other versions may also be affected.

http://www.example.com/nuke72/admin/modules/blocker_query.php?target=foobar.com">[xss code here]
http://www.example.com/nuke72/admin/modules/blocker_query.php?target=foobar.com&queryType=all&portNum=foobar[xss code here]