PHPNuke.Search.Module.Query.Parameter.SQL.Injection
Description
PHP-Nuke contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is caused by the search module not properly sanitizing user-supplied input to the 'query' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.
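The pattern described above, a search term pasted into a `LIKE` clause, next to a parameterized form that also escapes `LIKE` wildcards. This is an added example, not PHP-Nuke source code: the `stories` table, the function names and the sample rows are hypothetical, and it assumes PHP with the `pdo_sqlite` extension so that it runs against an in-memory database.

```php
<?php
// Added example: hypothetical schema and function names, not PHP-Nuke code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE stories (sid INTEGER PRIMARY KEY, title TEXT)");
// Constructed sample rows.
$db->exec("INSERT INTO stories (title) VALUES
           ('Release notes'), ('100% uptime'), ('O''Reilly review')");

// Vulnerable pattern: the 'query' value becomes part of the SQL text, so a
// quote character in it ends the string literal and alters the statement.
function search_unsafe(PDO $db, string $query): array {
    $sql = "SELECT sid, title FROM stories WHERE title LIKE '%$query%'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the value is bound as a parameter and never parsed as SQL.
// LIKE wildcards (% and _) and the escape character are escaped as well,
// so the term is matched literally.
function search_safe(PDO $db, string $query): array {
    $escaped = addcslashes($query, '\\%_');
    $stmt = $db->prepare(
        "SELECT sid, title FROM stories WHERE title LIKE :q ESCAPE '\\'"
    );
    $stmt->execute([':q' => "%$escaped%"]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: an ordinary name containing an apostrophe, and a
// bare wildcard character.
foreach (["O'Reilly", "%"] as $term) {
    echo "term: $term\n";
    try {
        echo "  unsafe rows: " . count(search_unsafe($db, $term)) . "\n";
    } catch (PDOException $e) {
        // The apostrophe breaks the statement: input reached the SQL parser.
        echo "  unsafe: SQL error\n";
    }
    echo "  safe rows:   " . count(search_safe($db, $term)) . "\n";
}
```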
Affected Products
Francisco Burzi PHP-Nuke 7.8
Francisco Burzi PHP-Nuke 7.7
Francisco Burzi PHP-Nuke 7.6
Francisco Burzi PHP-Nuke 7.3
Francisco Burzi PHP-Nuke 7.2
Francisco Burzi PHP-Nuke 7.1
Francisco Burzi PHP-Nuke 7.0 FINAL
Impact
System compromise, access to or modification of data, or exploitation of vulnerabilities in the underlying database implementation.
Recommended Actions
Upgrade to version 7.9 or higher, as it has been reported to fix this vulnerability.
Coverage
IPS (Regular DB)
IPS (Extended DB)