PHPNuke.Modules.php.SQL.Injection

description-logoDescription

PHP-Nuke is an open-source program for creating and managing news-based Web sites. PHP-Nuke versions 7.8 and earlier are vulnerable to SQL injection. A remote attacker could supply a specially-crafted POST request containing malicious SQL code to the module.php script using the name, sid, or pid parameter, which would enable the attacker to obtain sensitive information, and add, modify or delete data in the backend database.

affected-products-logoAffected Products

PHP-Nuke 7.8

Impact logoImpact

Manipulation of data

recomended-action-logoRecommended Actions

Apply patch for version 7.8.
http://phpnuke.org/modules.php?name=Downloads&d_op=getit&lid=527

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-12-11 16.978