PHP-Nuke Multiple Module SQL Injection Vulnerabilities
BID:9544
Info
PHP-Nuke Multiple Module SQL Injection Vulnerabilities
| Bugtraq ID: | 9544 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 02 2004 12:00AM |
| Updated: | Feb 02 2004 12:00AM |
| Credit: | Discovery is credited to Security Corporation. |
| Vulnerable: |
Francisco Burzi PHP-Nuke 6.9 Francisco Burzi PHP-Nuke 6.7 Francisco Burzi PHP-Nuke 6.6 Francisco Burzi PHP-Nuke 6.5 RC3 Francisco Burzi PHP-Nuke 6.5 RC2 Francisco Burzi PHP-Nuke 6.5 RC1 Francisco Burzi PHP-Nuke 6.5 FINAL Francisco Burzi PHP-Nuke 6.5 BETA 1 Francisco Burzi PHP-Nuke 6.5 Francisco Burzi PHP-Nuke 6.0 |
| Not Vulnerable: |
Francisco Burzi PHP-Nuke 7.0 |
Discussion
PHP-Nuke Multiple Module SQL Injection Vulnerabilities
Multiple SQL injection vulnerabilities have been reported in various modules included in PHP-Nuke versions 6.9 and earlier. These issues could permit remote attackers to compromise PHP-Nuke administrative accounts. Other attacks may also be possible, such as gaining access to sensitive information.
Some of these issues may overlap with previously reported SQL injection vulnerabilities in PHP-Nuke, but have all been reportedly addressed in PHP-Nuke 7.0.
Multiple SQL injection vulnerabilities have been reported in various modules included in PHP-Nuke versions 6.9 and earlier. These issues could permit remote attackers to compromise PHP-Nuke administrative accounts. Other attacks may also be possible, such as gaining access to sensitive information.
Some of these issues may overlap with previously reported SQL injection vulnerabilities in PHP-Nuke, but have all been reportedly addressed in PHP-Nuke 7.0.
Exploit / POC
Solution / Fix
PHP-Nuke Multiple Module SQL Injection Vulnerabilities
Solution:
These issues have been addressed as of PHP-Nuke 7.0.
Francisco Burzi PHP-Nuke 6.0
Francisco Burzi PHP-Nuke 6.5 FINAL
Francisco Burzi PHP-Nuke 6.5
Francisco Burzi PHP-Nuke 6.5 RC2
Francisco Burzi PHP-Nuke 6.5 BETA 1
Francisco Burzi PHP-Nuke 6.5 RC1
Francisco Burzi PHP-Nuke 6.5 RC3
Francisco Burzi PHP-Nuke 6.6
Francisco Burzi PHP-Nuke 6.7
Francisco Burzi PHP-Nuke 6.9
Solution:
These issues have been addressed as of PHP-Nuke 7.0.
Francisco Burzi PHP-Nuke 6.0
-
Francisco Burzi PHP-Nuke 7.0
http://phpnuke.org/modules.php?name=Downloads&d_op=viewdownload&cid=1
Francisco Burzi PHP-Nuke 6.5 FINAL
-
Francisco Burzi PHP-Nuke 7.0
http://phpnuke.org/modules.php?name=Downloads&d_op=viewdownload&cid=1
Francisco Burzi PHP-Nuke 6.5
-
Francisco Burzi PHP-Nuke 7.0
http://phpnuke.org/modules.php?name=Downloads&d_op=viewdownload&cid=1
Francisco Burzi PHP-Nuke 6.5 RC2
-
Francisco Burzi PHP-Nuke 7.0
http://phpnuke.org/modules.php?name=Downloads&d_op=viewdownload&cid=1
Francisco Burzi PHP-Nuke 6.5 BETA 1
-
Francisco Burzi PHP-Nuke 7.0
http://phpnuke.org/modules.php?name=Downloads&d_op=viewdownload&cid=1
Francisco Burzi PHP-Nuke 6.5 RC1
-
Francisco Burzi PHP-Nuke 7.0
http://phpnuke.org/modules.php?name=Downloads&d_op=viewdownload&cid=1
Francisco Burzi PHP-Nuke 6.5 RC3
-
Francisco Burzi PHP-Nuke 7.0
http://phpnuke.org/modules.php?name=Downloads&d_op=viewdownload&cid=1
Francisco Burzi PHP-Nuke 6.6
-
Francisco Burzi PHP-Nuke 7.0
http://phpnuke.org/modules.php?name=Downloads&d_op=viewdownload&cid=1
Francisco Burzi PHP-Nuke 6.7
-
Francisco Burzi PHP-Nuke 7.0
http://phpnuke.org/modules.php?name=Downloads&d_op=viewdownload&cid=1
Francisco Burzi PHP-Nuke 6.9
-
Francisco Burzi PHP-Nuke 7.0
http://phpnuke.org/modules.php?name=Downloads&d_op=viewdownload&cid=1
References
PHP-Nuke Multiple Module SQL Injection Vulnerabilities
References:
References:
- PHPNuke INP Homepage (PHPNuke INP)
- Security Corporation Security Advisory [SCSA-027] (Security Corporation)