Intrusion Prevention

PHPNuke.Search.Module.Query.Parameter.SQL.Injection

Description

PHP-Nuke contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is caused by the search module not properly sanitizing user-supplied input to the 'query' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Affected Products

Francisco Burzi PHP-Nuke 7.8
Francisco Burzi PHP-Nuke 7.7
Francisco Burzi PHP-Nuke 7.6
Francisco Burzi PHP-Nuke 7.3
Francisco Burzi PHP-Nuke 7.2
Francisco Burzi PHP-Nuke 7.1
Francisco Burzi PHP-Nuke 7.0 FINAL

Impact

System compromise, access to or modification of data, or exploitation of vulnerabilities in the underlying database implementation.

Recommended Actions

Upgrade to version 7.9 or higher, as it has been reported to fix this vulnerability.

CVE References

CVE-2005-3792
