PHP-Nuke 5.x allows remote malicious users to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
francisco burzi php-nuke 5.0 |
||
francisco burzi php-nuke 5.0.1 |