header-logo
Suggest Exploit
vendor:
PHP-Nuke
by:
7.5
CVSS
HIGH
SQL Injection
CWE
Product Name: PHP-Nuke
Affected Version From: PHP-Nuke 8.0.0.3.3b
Affected Version To: PHP-Nuke 8.0.0.3.3b
Patch Exists: NO
Related CWE:
CPE: a:php-nuke:php-nuke:8.0.0.3.3b
Metasploit:
Other Scripts:
Platforms Tested:

SQL Injection in PHP-Nuke

PHP-Nuke is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Mitigation:

Implement proper input validation and sanitization techniques to prevent SQL injection attacks. Update to a patched version of PHP-Nuke if available.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/23528/info

PHP-Nuke is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

PHP-Nuke 8.0.0.3.3b is vulnerable to these issues; other versions may also be affected. 

http://www.example.com/nuke/?%2f*

http://www.example.com/html80/?%2f**/UNION%2f**/SELECT

Navigation

Suggest Exploit

Services By CQR