PT-2005-4543 · Php Nuke · Php-Nuke

Janek Vind +1 · Published 2005-11-24 · Updated 2018-10-19 · CVE-2005-3792

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PHP-Nuke versions prior to 7.9 with patch 3.1

Description

Multiple SQL injection vulnerabilities in the Search module allow remote attackers to execute arbitrary SQL commands. This can be demonstrated via the query parameter in a stories-type search.

Recommendations

For versions prior to 7.9 with patch 3.1, update to version 7.9 with patch 3.1 to resolve the issue. As a temporary workaround, consider restricting access to the Search module until the update is applied. Avoid using the query parameter in the affected stories type until the issue is resolved.

Related Identifiers

CVE-2005-3792

Affected Products

Php-Nuke