PT-2006-1242 · Php Nuke · Phpnuke Ev

Lostmon

Published

2006-01-11

Updated

2017-07-20

CVE-2006-0163

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PHPNuke EV version 7.7 -R1

Description The issue allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by the search field in the search module, specifically in the file modules/Search/index.php.

Recommendations For PHPNuke EV version 7.7 -R1, consider restricting access to the search module until a patch is available, and avoid using the query parameter in the search field to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-0163

Affected Products

Phpnuke Ev

PT-2006-1242 · Php Nuke · Phpnuke Ev

CVE-2006-0163

Related Identifiers

Affected Products

References · 8