PHPNuke.YourAccount.module.SQL.Injection
Description
It indicates a possible exploit of SQL injection vulnerability in index.php in the Your_Account module in PHP-Nuke that may allow remote attackers to execute arbitrary SQL commands via the username variable (Nickname field). The problem is that username parameter is not correctly sanitized before using it in SQL queries.
Affected Products
PHP-Nuke 7.7 and earlier versions.
Impact
Gain Access.
Recommended Actions
Upgrade to PHP-Nuke 7.9 or later.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |