Multiple SQL injection vulnerabilities in the Search module in PHP-Nuke 7.8, and possibly other versions prior to 7.9 with patch 3.1, allows remote malicious users to execute arbitrary SQL commands, as demonstrated via the query parameter in a stories type.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
francisco burzi php-nuke 7.6 |
||
francisco burzi php-nuke 7.7 |
||
francisco burzi php-nuke 7.8 |
||
francisco burzi php-nuke 7.2 |
||
francisco burzi php-nuke 7.3 |
||
francisco burzi php-nuke 7.0_final |
||
francisco burzi php-nuke 7.1 |