HTTP: PHP-Nuke modules.php SQL Injection DoS
This signature detects attempts to exploit a SQL injection vulnerability in the modules.php script that ships with PHPNuke. PHPNuke 6.0 and earlier are vulnerable. Attackers can produce a process that increases system load on the server, making it unusable until the process is killed.
Extended Description
A SQL injection vulnerability has been reported for PHP-Nuke 5.6. The vulnerability is due to insufficient sanitization of variables used to construct SQL queries in some scripts. It is possible to modify the logic of SQL queries through malformed query strings in requests for the vulnerable script. By injecting SQL code into variables, it may be possible for an attacker to corrupt database information.
Affected Products
Francisco_burzi php-nuke
Short Name
HTTP:PHP:PHPNUKE:MODULES-DOS
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2002-1242 DoS Injection PHP-Nuke SQL modules.php
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Francisco_burzi
CVSS Score
7.5