PHP Nuke User Settings Modification Vulnerability
BID:2422
Info
PHP Nuke User Settings Modification Vulnerability
| Bugtraq ID: | 2422 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 23 2001 12:00AM |
| Updated: | Feb 23 2001 12:00AM |
| Credit: | Reported to bugtraq by rain forest puppy < [email protected] > on monday, February 12, 2001. |
| Vulnerable: |
Francisco Burzi PHP-Nuke 4.3 |
| Not Vulnerable: | |
Discussion
PHP Nuke User Settings Modification Vulnerability
By submitting values for the global variable $user, an attacker can cause PHP to execute an SQL query which makes changes to display settings for a specific target user.
By submitting values for the global variable $user, an attacker can cause PHP to execute an SQL query which makes changes to display settings for a specific target user.
Exploit / POC
PHP Nuke User Settings Modification Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
PHP Nuke User Settings Modification Vulnerability
References:
References: