vendor:
PHP-Nuke
by:
S@BUN
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PHP-Nuke
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: Unknown
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Unknown
Unknown
PHP-Nuke Siir SQL Injection(id)
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'id' parameter to 'modules.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in application's database. This can allow the attacker to steal sensitive information, modify data, deface the website, etc.
Mitigation:
Input validation should be used to prevent SQL injection attacks. The application should sanitize all user-supplied input to prevent SQL injection attacks.