Back to search
CVE-2008-0461
Published: Jan 25, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. NOTE: some of these details are obtained from third party information.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
28624
third-party-advisory
x_refsource_SECUNIA
phpnuke-index-search-sql-injection(39850)
vdb-entry
x_refsource_XF
4965
exploit
x_refsource_EXPLOIT-DB
27408
vdb-entry
x_refsource_BID
ADV-2008-0264
vdb-entry
x_refsource_VUPEN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now