HTTP: PHP-Nuke Modules.php QUERY Parameter SQL Injection
This signature detects attempts to exploit a known vulnerability against PHPNuke. PHPNuke versions 7.2 and earlier are vulnerable. Attackers, creating a SQL injection attack, can include a maliciously crafted QUERY parameter in a query to modules.php, causing the php script to run arbitrary SQL commands.
Extended Description
Multiple SQL vulnerabilities have been identified in the 'modules.php' module of the application. These vulnerabilities may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information. PHPNuke 7.2 and prior are reported to be prone to these issues.
Affected Products
Francisco_burzi php-nuke
Short Name
HTTP:PHP:PHPNUKE:QR-SQL-INJECT
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Injection Modules.php PHP-Nuke Parameter QUERY SQL bid:10282
Release Date
12/05/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Francisco_burzi