CVE: CVE-2006-5525

Export to Word

Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via (1) "/**/UNION " or (2) " UNION/**/" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a search action in the Encyclopedia module in modules.php.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.01016
Percentile: 0.76209

CVSS Scoring

CVSS v2 Score: 5.1

Severity:

Affected Products

cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*
cpe:2.3:a:phpnuke:php-nuke:7.0:*:*:*:*:*:*:*
cpe:2.3:a:phpnuke:php-nuke:7.1:*:*:*:*:*:*:*
cpe:2.3:a:phpnuke:php-nuke:7.2:*:*:*:*:*:*:*
cpe:2.3:a:phpnuke:php-nuke:7.3:*:*:*:*:*:*:*
cpe:2.3:a:phpnuke:php-nuke:7.4:*:*:*:*:*:*:*
cpe:2.3:a:phpnuke:php-nuke:7.5:*:*:*:*:*:*:*
cpe:2.3:a:phpnuke:php-nuke:7.6:*:*:*:*:*:*:*
cpe:2.3:a:phpnuke:php-nuke:7.7:*:*:*:*:*:*:*
cpe:2.3:a:phpnuke:php-nuke:7.8:*:*:*:*:*:*:*

← Back to Home