Summary
In PHP-Nuke, the sql_layer.php script contains a debugging feature that may be used by attackers to disclose sensitive information about all SQL queries. Access to the debugging feature is not restricted to administrators.
Solution
Add '$sql_debug = 0
' in config.php.
Severity
Classification
-
CVE CVE-2002-2032 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
- Apple Safari Multiple Memory Corruption Vulnerabilities-02 Apr14 (Mac OS X)
- Apple Safari Multiple Vulnerabilities
- Adobe LiveCycle Designer Untrusted Search Path Vulnerability (Windows)
- Apple Remote Desktop Information Disclosure Vulnerability