PHPNuke.YourAccount.module.SQL.Injection

description-logoDescription

It indicates a possible exploit of SQL injection vulnerability in index.php in the Your_Account module in PHP-Nuke that may allow remote attackers to execute arbitrary SQL commands via the username variable (Nickname field). The problem is that username parameter is not correctly sanitized before using it in SQL queries.

affected-products-logoAffected Products

PHP-Nuke 7.7 and earlier versions.

Impact logoImpact

Gain Access.

recomended-action-logoRecommended Actions

Upgrade to PHP-Nuke 7.9 or later.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)