header-logo
Suggest Exploit
vendor:
PHP-Nuke
by:
SecurityFocus
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PHP-Nuke
Affected Version From: 5.6
Affected Version To: 5.6
Patch Exists: YES
Related CWE: N/A
CPE: a:phpnuke:php-nuke
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

SQL Injection Vulnerability in PHP-Nuke 5.6

A SQL injection vulnerability has been reported for PHP-Nuke 5.6. The vulnerability is due to insufficient sanitization of variables used to construct SQL queries in some scripts. It is possible to modify the logic of SQL queries through malformed query strings in requests for the vulnerable script. By injecting SQL code into variables, it may be possible for an attacker to corrupt database information.

Mitigation:

Input validation should be used to ensure that user-supplied data does not contain malicious SQL code.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6088/info

A SQL injection vulnerability has been reported for PHP-Nuke 5.6.

The vulnerability is due to insufficient sanitization of variables used to construct SQL queries in some scripts. It is possible to modify the logic of SQL queries through malformed query strings in requests for the vulnerable script.

By injecting SQL code into variables, it may be possible for an attacker to corrupt database information. 

modules.php?name=Your_Account&op=saveuser&uid=2&bio=%5c&EditedMessage=
no&pass=xxxxx&vpass=xxxxx&newsletter=,+bio=0,+pass=md5(1)/*

Navigation

Suggest Exploit

Services By CQR