vendor:
Platinum
by:
Inphex
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Platinum
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: Unknown
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Unknown
Unknown
PHP-Nuke Platinum , Forums(Standart) – magic_quotes_gpc = OFF , SQL Injection
The file includes/dynamic_titles.php is vulnerable to SQL Injection - lines: 44 - 427. If the file maintenance/index.php is on the server, magic_quotes_gpc can be turned off. This allows for the bypassing of the SQL Injection protection and file write is possible.
Mitigation:
Ensure that magic_quotes_gpc is turned on and that all user input is properly sanitized and validated.