RETIRED: NukeSentinel NSBypass.PHP SQL Injection Vulnerability
BID:25805
Info
| Bugtraq ID: | 25805 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 25 2007 12:00AM |
| Updated: | Sep 28 2007 05:59PM |
| Credit: | Janek Vind "waraxe" is credited with the discovery of this vulnerability. |
| Vulnerable: | NukeScripts NukeSentinel 2.5.11 |
| Not Vulnerable: | NukeScripts NukeSentinel 2.5.12 |
Discussion
NukeSentinel is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
NukeSentinel 2.5.11 is vulnerable; other versions may also be affected.
NOTE: This BID is being retired because further investigation shows that the issue was previously covered in BID 22629 (NukeSentinel Multiple SQL Injection Vulnerabilities).
Exploit / POC
Attackers can use a browser to exploit this issue.
Solution / Fix
Solution:
The vendor released NukeSentinel 2.5.12 to address this issue. Please see the references for more information.
References
References:
- Download Profile: NukeSentinel(tm) 2.5.12 66-81 (NukeScripts)
- NukeScripts NukeSentinel Homepage (NukeScripts)
- Critical Sql Injection in NukeSentinel 2.5.11 (Janek Vind "waraxe")