Release DateDec 24, 2011 |
Severitymedium |
ImpactInformation Disclosure: Remote attackers can gain sensitive information from vulnerable systems. |
DescriptionThis indicates an attack attempt to exploit a SQL Injection vulnerability in Symantec PHP-Nuke.The vulnerability is a result of the application's failure to properly sanitize user input in the administrator interface. As a result, a malicious user can execute blind SQL queries in the backend database without the user's consent. |
Affected ProductsPHP-Nuke 8.0.0 Final |
Recommended ActionsUpdate the vulnerable software to the latest version, available from the website:http://phpnuke.org/ |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2007-1061 |
Reference/shttp://www.securityfocus.com/bid/22638 (BugTraq)http://www.milw0rm.com/exploits/3346 |
