Ec (2); Description: PHP-Nuke is a popular website creation and management tool. It can use a lot of database software as the backend, for example, MySQL, PostgreSQL, mSQL, Interbase, and Sybase. The Your_Account module of PHP-Nuke has the input verification vulnerability. Remote attackers may exploit this vulnerability to execute SQL injection attacks on server programs. The Your_Account module of PHP-Nuke does not apply to script ec (2); script
Description:
PHP-Nuke is a popular website creation and management tool. It can use many database software as the backend, such as MySQL, PostgreSQL, mSQL, Interbase, and Sybase.
The Your_Account module of PHP-Nuke has the input verification vulnerability. Remote attackers may exploit this vulnerability to execute SQL injection attacks on server programs.
The Your_Account module of PHP-Nuke does not perform a full filtering check on the username parameter. Remote attackers may insert malicious SQL commands in this parameter to obtain operations on the background database without authorization.
Affected Systems:
PHP-Nuke PHP-nuke7.8
Unaffected system:
PHP-Nuke 7.9 patch 3.1
Patch download:
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://phpnuke.org/