myPHPNuke 'printfeature.php' SQL Injection Vulnerability
BID:30959
Info
| Bugtraq ID: | 30959 |
| Class: | Input Validation Error |
| CVE: | CVE-2008-4092 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 02 2008 12:00AM |
| Updated: | May 07 2015 05:24PM |
| Credit: | MustLive |
| Vulnerable: | myPHPNuke myPHPNuke 1.8.8 _final_7; myPHPNuke myPHPNuke 1.8.8; myPHPNuke myPHPNuke 1.8.8_8; myPHPNuke myPHPNuke 0 |
| Not Vulnerable: | myPHPNuke myPHPNuke 1.8.8_8rc2 |
Discussion
myPHPNuke is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input.
Attackers may exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Versions prior to myPHPNuke 1.8.8_8rc2 are vulnerable.
NOTE: myPHPNuke 1.8.8_8rc2 has been reported still vulnerable to certain limited SQL-injection attacks.
Exploit / POC
An attacker can exploit this issue using a browser.
The following example URI is available:
http://www.example.com/printfeature.php?artid=-1%20union%20select%20null,null,aid,pwd,null,null,null,null%20from%20mpn_authors%20limit%200,1
Solution / Fix
Solution:
The vendor has addressed this issue in myPHPNuke 1.8.8_8rc2.
NOTE: myPHPNuke 1.8.8_8rc2 has been reported still vulnerable to certain limited SQL-injection attacks.
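Because the fixed release is reported as still partly vulnerable, reviewing web server logs for anomalous 'artid' values is a useful check alongside upgrading. The following is an added example, not part of the original advisory or of myPHPNuke: it assumes Apache combined-format access logs and that 'artid' is meant to be a plain numeric article id, and it runs over constructed sample lines.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Apache combined format). The second
# request target is the example URI quoted in this advisory.
SAMPLE_LOG = """\
192.0.2.10 - - [02/Sep/2008:10:01:22 +0000] "GET /printfeature.php?artid=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.77 - - [02/Sep/2008:10:03:45 +0000] "GET /printfeature.php?artid=-1%20union%20select%20null,null,aid,pwd,null,null,null,null%20from%20mpn_authors%20limit%200,1 HTTP/1.1" 200 812 "-" "Mozilla/5.0"
192.0.2.10 - - [02/Sep/2008:10:04:02 +0000] "GET /index.php?artid=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.31 - - [02/Sep/2008:10:05:10 +0000] "GET /printfeature.php?artid=7&artid=x HTTP/1.1" 200 700 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')
TARGET_SCRIPT = "printfeature.php"
PARAM = "artid"
# Assumption: a legitimate article id is a short run of decimal digits.
VALID_ID = re.compile(r"[0-9]{1,10}")


def suspicious_requests(log_text):
    """Return requests to the script whose artid is not a plain integer."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/" + TARGET_SCRIPT):
            continue
        # parse_qs URL-decodes values and keeps every repeated parameter.
        values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
        # Allowlist check: anything that is not purely digits is reported,
        # so there is no keyword list to maintain or evade.
        bad = [v for v in values if not VALID_ID.fullmatch(v)]
        if bad:
            findings.append({"ip": m["ip"], "time": m["ts"],
                             "status": int(m["status"]), "artid": bad})
    return findings


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

The same allowlist rule (accept only digits for 'artid') can be enforced at a reverse proxy or web application firewall in front of installations that cannot be upgraded immediately.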