PT-2002-2753 · Php · Php-Nuke
Published
2002-12-31
·
Updated
2024-02-14
·
CVE-2002-2032
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
PHP-Nuke versions 5.4 and earlier
Description
The issue allows remote attackers to gain SQL query information by exploiting debugging features that are not properly restricted. This can be achieved by setting the
sql debug parameter in specific files, such as "index.php" and "modules.php".Recommendations
For PHP-Nuke versions 5.4 and earlier, restrict access to debugging features by properly securing the
sql debug parameter to prevent unauthorized access.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Php-Nuke