PHPNuke.Search.Module.Query.Parameter.SQL.Injection

Description

PHP-Nuke contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is caused by the search module not properly sanitizing user-supplied input to the 'query' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Affected Products

Francisco Burzi PHP-Nuke 7.8
Francisco Burzi PHP-Nuke 7.7
Francisco Burzi PHP-Nuke 7.6
Francisco Burzi PHP-Nuke 7.3
Francisco Burzi PHP-Nuke 7.2
Francisco Burzi PHP-Nuke 7.1
Francisco Burzi PHP-Nuke 7.0 FINAL

Impact

System compromise: an attacker may access or modify data, or exploit vulnerabilities in the underlying database implementation.

Recommended Actions

Upgrade to version 7.9 or higher, as it has been reported to fix this vulnerability.

Coverage

IPS (Regular DB)
IPS (Extended DB)
