HTTP: PHP-Nuke Modules.php SID Parameter SQL Injection
This signature detects SQL injection attempts against PHPNuke. PHPNuke versions 7.2 and earlier are vulnerable. Attackers can include a maliciously crafted SID parameter in a query to modules.php, causing the php script to run arbitrary SQL commands.
Extended Description
Multiple SQL vulnerabilities have been identified in the 'modules.php' module of the application. These vulnerabilities may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information. PHPNuke 7.2 and prior are reported to be prone to these issues.
Affected Products
Francisco_burzi php-nuke
Short Name
HTTP:PHP:PHPNUKE:SID-SQL-INJECT
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Injection Modules.php PHP-Nuke Parameter SID SQL bid:10282
Release Date
05/12/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Francisco_burzi