Vulnerabilities > CVE-2007-0309 - SQL Injection vulnerability in PHP-Nuke Block-Old_Articles.PHP

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
francisco-burzi
exploit available

Summary

SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter.

Vulnerable Configurations

Part Description Count
Application
Francisco_Burzi
1

Exploit-Db

descriptionPHP-Nuke 7.x Block-Old_Articles.PHP SQL Injection Vulnerability. CVE-2007-0309. Webapps exploit for php platform
idEDB-ID:29453
last seen2016-02-03
modified2007-01-13
published2007-01-13
reporterPaisterist
sourcehttps://www.exploit-db.com/download/29453/
titlePHP-Nuke 7.x Block-Old_Articles.PHP SQL Injection Vulnerability