PHPNuke.Modules.php.SQL.Injection
Description
PHP-Nuke is an open-source program for creating and managing news-based Web sites. PHP-Nuke versions 7.8 and earlier are vulnerable to SQL injection. A remote attacker could supply a specially-crafted POST request containing malicious SQL code to the module.php script using the name, sid, or pid parameter, which would enable the attacker to obtain sensitive information, and add, modify or delete data in the backend database.
Affected Products
PHP-Nuke 7.8
Impact
Manipulation of data
Recommended Actions
Apply patch for version 7.8.
http://phpnuke.org/modules.php?name=Downloads&d_op=getit&lid=527
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2020-12-11 | 16.978 |