Intrusion Prevention

HTTP.Referer.Header.SQL.Injection

Description

The web application software is vulnerable to a SQL injection flaw through the HTTP Referer header. A malicious user can thus execute blind SQL queries in the backend database without the user's consent.

Affected Products

PHP-Nuke 8.0.0 Final

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Update the vulnerable software.

CVE References

CVE-2007-1061