Vulnerabilities > CVE-2002-2032 - Unspecified vulnerability in Francisco Burzi PHP-Nuke
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query information by setting the sql_debug parameter to (1) index.php and (2) modules.php.
Vulnerable Configurations
Exploit-Db
description | PHPNuke 4.x/5.x SQL_Debug Information Disclosure Vulnerability. CVE-2002-2032. Webapps exploit for php platform |
id | EDB-ID:21233 |
last seen | 2016-02-02 |
modified | 2002-01-18 |
published | 2002-01-18 |
reporter | zataz.com |
source | https://www.exploit-db.com/download/21233/ |
title | PHPNuke 4.x/5.x SQL_Debug Information Disclosure Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | PHP_NUKE_SQL_DEBUG.NASL |
description | In PHP-Nuke, the sql_layer.php script contains a debugging feature that may be used by attackers to disclose sensitive information about all SQL queries. Access to the debugging feature is not restricted to administrators. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 10856 |
published | 2002-02-07 |
reporter | This script is Copyright (C) 2002-2018 Alert4Web.com |
source | https://www.tenable.com/plugins/nessus/10856 |
title | PHP-Nuke sql_debug Information Disclosure |
code |
|