Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
Multiple Input Validation Vulnerabilities in NukeJokes Module - exploit.company
header-logo
Suggest Exploit
vendor:
NukeJokes module
by:
7.5
CVSS
HIGH
Input Validation
CWE
Product Name: NukeJokes module
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Multiple Input Validation Vulnerabilities in NukeJokes Module

The NukeJokes module is affected by multiple input validation vulnerabilities. These include multiple SQL injection issues and multiple cross-site scripting vulnerabilities. The vulnerabilities arise due to a failure to properly sanitize user-supplied input, allowing remote attackers to manipulate query logic and potentially gain unauthorized access to sensitive information or execute malicious scripts in the context of the victim user's browser.

Mitigation:

To mitigate these vulnerabilities, it is recommended to implement proper input validation and sanitization techniques in the NukeJokes module. This includes validating and filtering user-supplied input before using it in SQL queries or including it in dynamic web content.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10306/info

It has been reported that the NukeJokes module is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied user input.

Multiple SQL injection issues exists due to a failure of the application to do any sanitization on user input prior to using the offending input in an SQL query.

These SQL issues may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information such as the administrator password hash or corruption of database data.

Multiple cross-site scripting vulnerabilities have been reported to exist due to a failure of the application to properly sanitize user-supplier input before its inclusion in dynamic web content. 

These cross-site scripting issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user.

http://www.example.com/nuke72/modules.php?name=NukeJokes&func=CatView&cat=[xss code here]
http://www.example.com/nuke72/modules.php?name=NukeJokes&func=JokeView&jokeid=[xss code here]

Navigation

Suggest Exploit

Services By CQR