Release date:
Updated on:
Affected Systems:
Nuked-Klan SP4.x
Description:
--------------------------------------------------------------------------------
Nuked Klan is a PHP Gateway Program for "clans".
A SQL injection vulnerability exists in Nuked Klan SP4.5. Input passed to index.php through the "eid" parameter (when "file" is set to "Calendar", "op" is set to "show_event", and "type" is set to "birthday") is not filtered correctly before it is used in SQL queries. Attackers can exploit this vulnerability to perform SQL queries.
<* Source: Karim h. B.
Link: http://secunia.com/advisories/49515/
http://packetstormsecurity.org/files/113689/Nuked-Klan-SP-CMS-4.5-SQL-Injection.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Nuked-Klan
----------
Currently, the vendor does not provide a patch or an upgrade. We recommend that users of the software check the vendor's homepage to obtain the latest version:
http://www.nuked-klan.org
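
With no vendor patch available, requests to the affected route can be reviewed in web server access logs. The following is an added example, not part of the original advisory or of Nuked-Klan's code: it flags requests that use the parameter combination described above with an "eid" value outside an assumed alphanumeric format. The function names, the access log format and the sample entries are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate "eid" is a plain alphanumeric identifier.
SAFE_EID = re.compile(r"[A-Za-z0-9]+")
# Request line of a common/combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Parameter combination named in the advisory (compared case-insensitively).
ROUTE = {"file": "calendar", "op": "show_event", "type": "birthday"}

def suspicious_eid(url):
    """Return the decoded eid when the URL hits the affected route with an
    eid outside the assumed safe alphabet; otherwise return None."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("index.php"):
        return None
    # parse_qs percent-decodes values, so encoded quotes/spaces are seen.
    query = parse_qs(parts.query, keep_blank_values=True)
    for name, expected in ROUTE.items():
        # PHP keeps the last occurrence of a repeated parameter.
        if query.get(name, [""])[-1].lower() != expected:
            return None
    for value in query.get("eid", []):
        if value and not SAFE_EID.fullmatch(value):
            return value
    return None

def scan_log(lines):
    """Return (line_number, client, decoded_eid) for each flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        eid = suspicious_eid(match.group(1))
        if eid is not None:
            hits.append((number, line.split()[0], eid))
    return hits

# Constructed sample entries (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?file=Calendar&op=show_event&type=birthday&eid=aB3dE9 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?file=Calendar&op=show_event&type=birthday&eid=x%27 HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?file=News&eid=x%27 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("line %d: client %s sent eid=%r" % hit)
```

Access logs normally record only the query string, so parameters sent in a POST body are not covered by this check.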