PHP-Nuke SQL Injection Vulnerability Network Vulnerability

Summary

This host is running PHP-Nuke and is prone to SQL Injection vulnerability.

Impact

Successful exploitation will let the attacker cause SQL Injection attack, gain sensitive information about the database used by the web application or can execute arbitrary code inside the context of the web application. Impact Level: Application

Solution

Upgrade to version or later http://phpnuke-downloads.com/phpnuke.html

Insight

The flaw is generated because the user supplied data passed into 'referer' header element when requesting the '/main/tracking/userLog.php' is not properly sanitized before it is used in an SQL query.

Affected

PHP-Nuke version 8.0 and prior on all platforms.

References

http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html
http://www.securityfocus.com/archive/1/503845

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1842

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Artifectx xClassified 'catid' SQL Injection Vulnerability
ActualAnalyzer Lite 'ant' Cookie Parameter Remote Command Execution Vulnerability
Apache Tomcat /servlet Cross Site Scripting
Ad Manager Pro Multiple SQL Injection And XSS Vulnerabilities
Agora CGI Cross Site Scripting

Take action and discover your vulnerabilities