CVE-2009-0302

Published: 27/01/2009 Updated: 11/10/2018

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

VMScore: 470

Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P

SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8.1.0.3.5b and previous versions allows remote authenticated users to execute arbitrary SQL commands via the url parameter in the Add operation to modules.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php-nuke downloads module 8.0

source: wwwsecurityfocuscom/bid/33410/info The Downloads module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnera ...

#!/usr/bin/perl # [0-Day] PHP-Nuke <= 81035b (Downloads) Remote Blind SQL Injection # Date: 20100704 after 50 days the bug was discovered # Author/s: Dante90, WaRWolFz Crew # Crew Members: 4lasthor, Andryxxx, Cod3, Gho5t, HeRtZ, No3X, RingZero, s3rg3770, # Shades Master, V1R5, yeat # Special Greetings To: The:Paradox # G ...

CWE-89 http://www.securityfocus.com/bid/33410 http://osvdb.org/51633 http://www.securityfocus.com/bid/50770 http://osvdb.org/77349 http://www.exploit-db.com/exploits/18148 http://1337day.com/exploits/15481 https://exchange.xforce.ibmcloud.com/vulnerabilities/71475 https://exchange.xforce.ibmcloud.com/vulnerabilities/48186 http://www.securityfocus.com/archive/1/500335/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/32747/

CVE-2009-0302

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect