PHP-Nuke "query" SQL Injection Vulnerability - Website Hosting - VPS Hosting - Domain Registration Ireland

#1 (permalink)

16-11-05, 04:15 PM

pkelly

Administrator

Site Admin

Join Date: Aug 2003

Posts: 144

PHP-Nuke "query" SQL Injection Vulnerability

http://secunia.com/advisories/17543/

Description:
sp3x has discovered a vulnerability in PHP-Nuke, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "query" parameter when performing a search isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability has been confirmed in version 7.8. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Tags

injection, phpnuke, query, sql, vulnerability

« PHP-Nuke NukeFixes Addon "file" Local File Inclusion Vulnerability | phpMyAdmin HTTP Response Splitting Vulnerability »

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts BB code is On Smilies are On [IMG] code is On HTML code is Off Trackbacks are On Pingbacks are On Refbacks are On

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
PostNuke "show" Parameter SQL Injection Vulnerability	niall	Security Notices	0	25-08-05 08:24 AM
Drupal XML-RPC PHP Code Execution Vulnerability	niall	Security Notices	0	17-08-05 11:39 AM
Xoops Cross-Site Scripting and SQL Injection Vulnerabilities	niall	Security Notices	0	30-06-05 10:55 AM
PostNuke XML-RPC Library PHP Code Execution Vulnerability	niall	Security Notices	0	30-06-05 10:53 AM

All times are GMT. The time now is 12:20 AM.