Signature Detail
Short Name |
HTTP:PHP:PHPNUKE:SID-SQL-INJECT |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
HTTP |
Keywords |
php phpnuke sql injection http |
Release Date |
2004/05/12 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: PHP-Nuke Modules.php SID Parameter SQL Injection
This signature detects SQL injection attempts against PHPNuke. PHPNuke versions 7.2 and earlier are vulnerable. Attackers can include a maliciously crafted SID parameter in a query to modules.php, causing the php script to run arbitrary SQL commands.
Extended Description
Multiple SQL vulnerabilities have been identified in the 'modules.php' module of the application. These vulnerabilities may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information. PHPNuke 7.2 and prior are reported to be prone to these issues.
Affected Products
- Francisco Burzi PHP-Nuke 6.0.0
- Francisco Burzi PHP-Nuke 6.5.0
- Francisco Burzi PHP-Nuke 6.5.0 BETA 1
- Francisco Burzi PHP-Nuke 6.5.0 FINAL
- Francisco Burzi PHP-Nuke 6.5.0 RC1
- Francisco Burzi PHP-Nuke 6.5.0 RC2
- Francisco Burzi PHP-Nuke 6.5.0 RC3
- Francisco Burzi PHP-Nuke 6.6.0
- Francisco Burzi PHP-Nuke 6.7.0
- Francisco Burzi PHP-Nuke 6.9.0
- Francisco Burzi PHP-Nuke 7.0.0
- Francisco Burzi PHP-Nuke 7.0.0 FINAL
- Francisco Burzi PHP-Nuke 7.1.0
- Francisco Burzi PHP-Nuke 7.2.0
References
- BugTraq: 10282
- URL: http://www.zone.ee/waraxe/?modname=sa&id=027