Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and previous versions allows remote malicious users to conduct SQL injection attacks via (1) "/**/UNION " or (2) " UNION/**/" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a search action in the Encyclopedia module in modules.php.
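
The gap described above, shown as an added example (not PHP-Nuke's code): a keyword blacklist that only matches `UNION` with particular delimiters lets the two listed sequences through, while an allow-list on `eid` rejects them. The pattern list and the function names `blacklist_rejects` and `parse_eid` are assumptions made for illustration.

```php
<?php
// Added illustration; this is not mainfile.php. The blocked patterns are assumed.

// Weak check: rejects the keyword only when it is delimited in the listed ways.
function blacklist_rejects(string $queryString): bool
{
    $blocked = [' union ', '/**/union/**/'];   // assumed pattern list
    $q = strtolower(urldecode($queryString));
    foreach ($blocked as $needle) {
        if (strpos($q, $needle) !== false) {
            return true;
        }
    }
    return false;
}

// Hardened check: eid is an identifier, so accept digits only (allow-list).
function parse_eid(string $raw): ?int
{
    return preg_match('/^\d{1,9}$/D', $raw) === 1 ? (int) $raw : null;
}

// Constructed sample values for eid; only the delimiter around the keyword varies.
$samples = [
    'plain id'           => '12',
    'space-delimited'    => '12 UNION x',
    'comment before (1)' => '12/**/UNION x',
    'comment after (2)'  => '12 UNION/**/x',
];

foreach ($samples as $label => $eid) {
    $bl = blacklist_rejects('eid=' . urlencode($eid)) ? 'rejected' : 'PASSED';
    $al = parse_eid($eid) === null ? 'rejected' : 'accepted';
    printf("%-20s blacklist=%-8s allowlist=%s\n", $label, $bl, $al);
}
// The blacklist rejects only the space-delimited sample; samples (1) and (2) pass it.
// The allow-list accepts only the plain id.
```

Validating `eid` as an integer removes the need to enumerate keyword spellings; binding it as a query parameter is the companion fix at the database layer.
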
Vulnerable Product |
---|
phpnuke php-nuke 7.0 |
phpnuke php-nuke 7.1 |
phpnuke php-nuke 7.8 |
phpnuke php-nuke |
phpnuke php-nuke 7.6 |
phpnuke php-nuke 7.7 |
phpnuke php-nuke 7.4 |
phpnuke php-nuke 7.5 |
phpnuke php-nuke 7.2 |
phpnuke php-nuke 7.3 |