Back to search
CVE-2005-4715
Published: Feb 13, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) sid, and (3) pid parameters in a POST request, which bypasses security checks that are performed for GET requests.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20050916 Re: PHP Nuke <= 7.8 Multiple SQL Injections
mailing-list
x_refsource_BUGTRAQ
16801
third-party-advisory
x_refsource_SECUNIA
3
third-party-advisory
x_refsource_SREASON
phpnuke-modulephp-sql-injection(22247)
vdb-entry
x_refsource_XF
http://www.nukefixes.com/ftopict-1779-.html#7641
x_refsource_CONFIRM
http://phpnuke.org/modules.php?name=News&file=article&sid=7434
x_refsource_CONFIRM
19351
vdb-entry
x_refsource_OSVDB
20050913 Re: PHP Nuke <= 7.8 Multiple SQL Injections
mailing-list
x_refsource_BUGTRAQ
20050912 PHP Nuke <= 7.8 Multiple SQL Injections
mailing-list
x_refsource_BUGTRAQ
20050914 Re: PHP Nuke <= 7.8 Multiple SQL Injections
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now