CVE-2006-5525 - SQL Injection vulnerability in PHP-Nuke Encyclopedia Module

CVSS 5.1 - MEDIUM

Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Tags: network, high complexity, phpnuke, exploit available

Summary

Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via (1) "/**/UNION " or (2) " UNION/**/" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a search action in the Encyclopedia module in modules.php.

Exploit-Db

description: PHP-Nuke <= 7.9 (Encyclopedia) Remote SQL Injection Exploit. CVE-2006-5525. Webapps exploit for php platform
file: exploits/php/webapps/2617.php
id: EDB-ID:2617
last seen: 2016-01-31
modified: 2006-10-22
platform: php
port:
published: 2006-10-22
reporter: Paisterist
source: https://www.exploit-db.com/download/2617/
title: PHP-Nuke <= 7.9 Encyclopedia Remote SQL Injection Exploit
type: webapps