vendor:
myPHPNuke
by:
MustLive
7.5
CVSS
HIGH
Cross-Site Scripting and SQL Injection
89, 89, 89, 89
CWE
Product Name: myPHPNuke
Affected Version From: myPHPNuke < 1.8.8_8rc2
Affected Version To: myPHPNuke < 1.8.8_8rc2
Patch Exists: YES
Related CWE: N/A
CPE: a:myphpnuke:myphpnuke
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Cross-Site Scripting and SQL Injection vulnerabilities in myPHPNuke
There are Cross-Site Scripting and SQL Injection vulnerabilities in print.php in myPHPNuke. XSS: http://site/print.php?sid=%3CBODY%20onload=alert(document.cookie)%3E SQL Injection: http://site/print.php?sid=-1%20union%20select%20null,null,aid,pwd,null,null%20from%20mpn_authors%20limit%200,1 With this query you will receive login and password (hash) of administrator. Vulnerable versions are myPHPNuke < 1.8.8_8rc2. In last version the additional filters were added, so it is not vulnerable to these XSS and SQL Injection attacks. But version 1.8.8_8rc2 is still vulnerable to SQL Injection and so limited SQL Injection attack is possible (without using spaces and brackets).
Mitigation:
Upgrade to the latest version of myPHPNuke
