PHPNuke Category Parameter SQL Injection Vulnerability
BID:9630
Info
| Bugtraq ID: | 9630 |
| Class: | Input Validation Error |
| CVE: | CVE-2004-0269 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 10 2004 12:00AM |
| Updated: | Jul 12 2009 02:06AM |
| Credit: | The disclosure of this issue has been credited to pokleyzz <pokleyzz_at_scan-associates.net>. |
| Vulnerable: |
Francisco Burzi PHP-Nuke 6.9
Francisco Burzi PHP-Nuke 6.7
Francisco Burzi PHP-Nuke 6.6
Francisco Burzi PHP-Nuke 6.5 RC3
Francisco Burzi PHP-Nuke 6.5 RC2
Francisco Burzi PHP-Nuke 6.5 RC1
Francisco Burzi PHP-Nuke 6.5 FINAL
Francisco Burzi PHP-Nuke 6.5 BETA 1
Francisco Burzi PHP-Nuke 6.5
Francisco Burzi PHP-Nuke 6.0
Francisco Burzi PHP-Nuke 5.6
Francisco Burzi PHP-Nuke 5.5
Francisco Burzi PHP-Nuke 5.4
Francisco Burzi PHP-Nuke 5.3.1
Francisco Burzi PHP-Nuke 5.2 a
Francisco Burzi PHP-Nuke 5.2
Francisco Burzi PHP-Nuke 5.1
Francisco Burzi PHP-Nuke 5.0.1
Francisco Burzi PHP-Nuke 5.0
Francisco Burzi PHP-Nuke 4.4.1 a
Francisco Burzi PHP-Nuke 4.4
Francisco Burzi PHP-Nuke 4.3
Francisco Burzi PHP-Nuke 4.0
Francisco Burzi PHP-Nuke 3.0
Francisco Burzi PHP-Nuke 2.5
Francisco Burzi PHP-Nuke 1.0 |
| Not Vulnerable: | |
Discussion
It has been reported that PHPNuke may be prone to a SQL injection vulnerability due to insufficient sanitization of user-supplied input. The problem is reported to exist in the $category variable contained within the 'index.php' page.
PHPNuke versions 6.9 and prior have been reported to be prone to this issue; however, other versions may be affected as well.
Exploit / POC
The following exploit has been provided:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].