CVE-2006-5525 - Unspecified vulnerability in PHPnuke PHP-Nuke

047910
CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
phpnuke
exploit available

Summary

Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via (1) "/**/UNION " or (2) " UNION/**/" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a search action in the Encyclopedia module in modules.php.

Exploit-Db

description: PHP-Nuke <= 7.9 (Encyclopedia) Remote SQL Injection Exploit. CVE-2006-5525. Webapps exploit for php platform
file: exploits/php/webapps/2617.php
id: EDB-ID:2617
last seen: 2016-01-31
modified: 2006-10-22
platform: php
port:
published: 2006-10-22
reporter: Paisterist
source: https://www.exploit-db.com/download/2617/
title: PHP-Nuke <= 7.9 Encyclopedia Remote SQL Injection Exploit
type: webapps