Vendor: PHP-Nuke
By: Unknown
CVSS: 7.5 HIGH
Cross-site scripting, SQL Injection, Denial of Service
CWE: 79, 89, 400
Product Name: PHP-Nuke
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE:
Platforms Tested: Unknown
Multiple vulnerabilities in PHP-Nuke
PHP-Nuke is prone to multiple vulnerabilities including cross-site scripting issues in the 'Faq', 'Encyclopedia', and 'Reviews' modules, an SQL Injection vulnerability in the 'Reviews' module, and a remote denial of service vulnerability in the score subsystem of the 'Review' module. These vulnerabilities are caused by insufficient sanitization of user-supplied data, allowing attackers to execute malicious code, modify database queries, and deny service to legitimate users.
Mitigation:
Ensure that user-supplied data is properly sanitized and validated. Apply patches or updates provided by the vendor.