Vulnerabilities > CVE-2006-0163 - SQL Injection vulnerability in Francisco Burzi PHP-Nuke EV 7.7R1

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
francisco-burzi
exploit available
NVD
Published: 2006-01-11
Updated: 2017-07-20

Summary

SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by the search field. NOTE: This is a different vulnerability than CVE-2005-3792.

Vulnerable Configurations

Part Description Count
Application
Francisco_Burzi
1

Exploit-Db

descriptionPHPNuke 7.7 EV Search Module SQL Injection Vulnerability. CVE-2006-0163. Webapps exploit for php platform
idEDB-ID:27058
last seen2016-02-03
modified2006-01-09
published2006-01-09
reporterLostmon
sourcehttps://www.exploit-db.com/download/27058/
titlePHPNuke 7.7 EV Search Module SQL Injection Vulnerability

References