Intrusion Prevention

PHPNuke.Youraccount.SQL.Injection

Description

It indicates an attacker attempted a SQL Injection attack against PHPNuke. PHP-Nuke 7.8 is prone to multiple input validation errors that can be exploited via a SQL Injection attack. The flaws can be found in 1. username parameter in the Your Account page. 2. url parameter in the Downloads module. 3. description parameter in the Web_Links module.

Affected Products

Francisco Burzi PHP-Nuke 7.8

Impact

Disclosure or Modification of sensitive data

Recommended Actions

Apply appropriate patch from the vendor or Upgrade to non-vulnerable version if available.

CVE References

CVE-2005-3304