PT-2006-2371 · Mini Nuke · Mini-Nuke Cms System

|Ucifer

Published

2006-03-23

Updated

2018-10-18

CVE-2006-1362

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Mini-Nuke CMS System versions 1.8.2 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the uid parameter in "members.asp", the catid parameter in "articles.asp" and "programs.asp", and the id parameter in "hpages.asp" and "forum.asp".

Recommendations For Mini-Nuke CMS System versions 1.8.2 and earlier, consider restricting access to the vulnerable parameters uid, catid, and id in the respective ASP pages until a fix is available. As a temporary workaround, avoid using these parameters in the affected API endpoints.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-1362

Affected Products

Mini-Nuke Cms System

PT-2006-2371 · Mini Nuke · Mini-Nuke Cms System

CVE-2006-1362

Related Identifiers

Affected Products

References · 5