vendor:
pnFlashGames
by:
Kacper
7.5
CVSS
HIGH
Blind SQL/SQL
89
CWE
Product Name: pnFlashGames
Affected Version From: 1.5
Affected Version To: 2.5
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2008
Postnuke Mod pnFlashGames (Blind SQL/SQL) all version Vulnerability
If magic_quotes_gpc is set to off, an attacker can exploit a vulnerability in Postnuke Mod pnFlashGames to gain access to the database. For versions older than 2, the attacker can use the index.php?module=pnFlashGames&func=display&id=-1+union+select+concat(pn_uname,char(58),pn_pass),1,2,3,4,5,6,7,8+from+nuke_users+where+uid=2/* URL to exploit the vulnerability. For versions 1.5 to 2.5, the attacker can use a code snippet to exploit the vulnerability.
Mitigation:
Ensure that magic_quotes_gpc is set to on.