SECUNIA ADVISORY ID: SA22617
VERIFY ADVISORY: http://secunia.com/advisories/22617/
CRITICAL: Moderately critical
IMPACT: Manipulation of data
WHERE: From remote
SOFTWARE: PHP-Nuke 7.x - http://secunia.com/product/2385/
DESCRIPTION: Paisterist has discovered a vulnerability in PHP-Nuke, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "forwhat" parameter in modules/journal/search.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 7.9. Other versions may also be affected.
SOLUTION: Edit the source code to ensure that input is properly verified.
PROVIDED AND/OR DISCOVERED BY: Paisterist
ORIGINAL ADVISORY: http://www.neosecurityteam.net/index.php?action=advisories&id=29
PHP-Nuke *forwhat* SQL Injection Vulnerability
Posted on Wednesday, November 01, 2006 @ 09:01:40 CST in Security
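
One way to apply the SOLUTION above to a search parameter such as "forwhat", as an added example that is not PHP-Nuke's or the advisory's code. The table journal_demo, the function search_journal and the 64-character limit are assumptions, and the sample rows are constructed.

```php
<?php
// Added illustration: table, column and function names are hypothetical,
// not taken from PHP-Nuke's modules/journal/search.php.

// Validate the search term, then bind it as data so it cannot alter the SQL.
function search_journal(PDO $db, string $forwhat): array
{
    $forwhat = trim($forwhat);
    // Reject empty or oversized terms before touching the database
    // (the 64-character limit is an assumed policy).
    if ($forwhat === '' || strlen($forwhat) > 64) {
        return [];
    }
    // Escape LIKE metacharacters so % and _ in the input match literally.
    // '!' is the escape character declared in the query below.
    $escaped = strtr($forwhat, ['!' => '!!', '%' => '!%', '_' => '!_']);

    // The placeholder keeps the value out of the SQL text entirely.
    $stmt = $db->prepare(
        "SELECT id, title FROM journal_demo WHERE title LIKE :pat ESCAPE '!' ORDER BY id"
    );
    $stmt->execute([':pat' => '%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE journal_demo (id INTEGER PRIMARY KEY, title TEXT)');
$ins = $db->prepare('INSERT INTO journal_demo (title) VALUES (?)');
foreach (["Release notes", "O'Brien's 100% uptime log", "Private draft"] as $t) {
    $ins->execute([$t]);
}

// Quotes and wildcards in the term are matched as literal text,
// and the oversized term is rejected before any query runs.
foreach (["notes", "O'Brien", "100%", "%", str_repeat('a', 65)] as $term) {
    $titles = array_column(search_journal($db, $term), 'title');
    printf("%-10.10s -> %s\n", $term, json_encode($titles));
}
```

Binding alone stops the term from changing the query structure; the wildcard escaping is a separate step that keeps a bare "%" from matching every row.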