Vulnerabilities > CVE-2006-6200 - SQL Injection vulnerability in PHP-Nuke News Module

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

francisco-burzi

NVD

Published: 2006-12-01

Updated: 2018-10-17

Summary

Multiple SQL injection vulnerabilities in the (1) rate_article and (2) rate_complete functions in modules/News/index.php in the News module in Francisco Burzi PHP-Nuke 7.9 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the sid parameter.

Vulnerable Configurations

Part	Description	Count
Application	Francisco_Burzi Francisco Burzi PHP Nuke 7.0 Francisco Burzi PHP Nuke 7.0_Final Francisco Burzi PHP Nuke 7.1 Francisco Burzi PHP Nuke 7.2 Francisco Burzi PHP Nuke 7.3 Francisco Burzi PHP Nuke 7.4 Francisco Burzi PHP Nuke 7.5 Francisco Burzi PHP Nuke 7.6 Francisco Burzi PHP Nuke 7.7 Francisco Burzi PHP Nuke 7.8 Francisco Burzi PHP Nuke 7.8_Patched_3.2 Francisco Burzi PHP Nuke 7.9	12

Summary

Vulnerable Configurations

References