Intrusion Prevention

PHPNuke.YourAccount.module.SQL.Injection

Description

It indicates a possible exploit of SQL injection vulnerability in index.php in the Your_Account module in PHP-Nuke that may allow remote attackers to execute arbitrary SQL commands via the username variable (Nickname field). The problem is that username parameter is not correctly sanitized before using it in SQL queries.

Affected Products

PHP-Nuke 7.7 and earlier versions.

Impact

Gain Access.

Recommended Actions

Upgrade to PHP-Nuke 7.9 or later.

CVE References

CVE-2006-0679