SQL injection vulnerability in PHP-Nuke 6.9 and previous versions, and possibly 7.x, allows remote malicious users to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
francisco burzi php-nuke 1.0 |
||
francisco burzi php-nuke 5.0 |
||
francisco burzi php-nuke 5.0.1 |
||
francisco burzi php-nuke 5.6 |
||
francisco burzi php-nuke 6.0 |
||
francisco burzi php-nuke 6.7 |
||
francisco burzi php-nuke 6.9 |
||
francisco burzi php-nuke 2.5 |
||
francisco burzi php-nuke 3.0 |
||
francisco burzi php-nuke 5.1 |
||
francisco burzi php-nuke 5.2 |
||
francisco burzi php-nuke 6.5 |
||
francisco burzi php-nuke 6.5_beta1 |
||
francisco burzi php-nuke 4.0 |
||
francisco burzi php-nuke 4.3 |
||
francisco burzi php-nuke 5.2a |
||
francisco burzi php-nuke 5.3.1 |
||
francisco burzi php-nuke 6.5_final |
||
francisco burzi php-nuke 6.5_rc1 |
||
francisco burzi php-nuke 4.4 |
||
francisco burzi php-nuke 4.4.1a |
||
francisco burzi php-nuke 5.4 |
||
francisco burzi php-nuke 5.5 |
||
francisco burzi php-nuke 6.5_rc2 |
||
francisco burzi php-nuke 6.5_rc3 |
||
francisco burzi php-nuke 6.6 |