Description: PHP-Nuke is a popular website creation and management tool. it can use many database software as the backend, such as MySQL, PostgreSQL, mSQL, Interbase, and Sybase. The Your_Account module of PHP-Nuke has the input verification vulnerability. remote attackers may exploit this vulnerability to execute SQL injection attacks on server programs. PHP-Nuke SQL injection PHP-Nuke
Description:
PHP-Nuke is a popular website creation and management tool. it can use many database software as the backend, such as MySQL, PostgreSQL, mSQL, Interbase, and Sybase.
The Your_Account module of PHP-Nuke has the input verification vulnerability. remote attackers may exploit this vulnerability to execute SQL injection attacks on server programs.
The Your_Account module of PHP-Nuke does not perform a full filtering check on the username parameter. remote attackers may insert malicious SQL commands in this parameter to obtain operations on the background database without authorization.
Affected systems:
PHP-Nuke PHP-nuke7.8
Unaffected system:
PHP-Nuke 7.9 patch 3.1
Patch download:
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://phpnuke.org/