Vendor: PHP-Nuke
By:
CVSS: 5.5 (MEDIUM)
Cross-Site Scripting (XSS), SQL Injection, Denial of Service (DoS)
CWE: 79 (XSS), 89 (SQL Injection), 400 (DoS)
Product Name: PHP-Nuke
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
PHP-Nuke Multiple Vulnerabilities
PHP-Nuke is prone to multiple vulnerabilities: cross-site scripting (XSS) in the 'Faq', 'Encyclopedia', and 'Reviews' modules, SQL injection in the 'Reviews' module, and a remote denial of service (DoS) vulnerability in the score subsystem of the 'Reviews' module. These vulnerabilities result from insufficient sanitization of user-supplied data, which allows remote attackers to execute malicious code, modify database queries, and deny service to legitimate users.
Mitigation:
To mitigate these vulnerabilities, PHP-Nuke users should apply the latest patches or updates provided by the vendor. Additionally, input validation and sanitization should be implemented to prevent the execution of malicious code and SQL injection attacks. Regular security audits and penetration testing are also recommended to identify and address any potential vulnerabilities.