header-logo
Suggest Exploit
vendor:
PHPNuke Forum Module
by:
SecurityFocus
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PHPNuke Forum Module
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: a:phpnuke:phpnuke
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

PHPNuke Forum Module Input Validation Error

It has been reported that an input validation error exists in the 'viewforum.php' script included with PHPNuke as part of the Forum module. Because of this, an attacker could send a malicious string through PHPNuke that would allow the attacker to inject SQL commands and queries into the SQL database used by PHPNuke.

Mitigation:

Input validation should be performed to ensure that user-supplied data is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7194/info

It has been reported that an input validation error exists in the 'viewforum.php' script included with PHPNuke as part of the Forum module. Because of this, an attacker could send a malicious string through PHPNuke that would allow the attacker to inject SQL commands and queries into the SQL database used by PHPNuke.

http://www.example.com/modules.php?op=modload&name=Forums&file=viewforum&forum='%20OR%201=1%20INTO%20OUTFILE%20'[/path]/vf.txt'/*

Navigation

Suggest Exploit

Services By CQR