Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6728

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-6728
Last Modified 20 Apr 2009 12:00:00
Published 20 Apr 2009 10:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-6728

Summary

SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php.

Vulnerable Systems

Application

  • Phpnuke Php-nuke 5.0

  • Phpnuke Php-nuke 5.0.1

  • Phpnuke Php-nuke 5.1

  • Phpnuke Php-nuke 5.2

  • Phpnuke Php-nuke 5.3

  • Phpnuke Php-nuke 5.3.1

  • Phpnuke Php-nuke 5.4

  • Phpnuke Php-nuke 5.5

  • Phpnuke Php-nuke 5.6

  • Phpnuke Php-nuke 6.0

  • Phpnuke Php-nuke 6.5

  • Phpnuke Php-nuke 6.6

  • Phpnuke Php-nuke 6.7

  • Phpnuke Php-nuke 6.8

  • Phpnuke Php-nuke 6.9

  • Phpnuke Php-nuke 7.0

  • Phpnuke Php-nuke 7.1

  • Phpnuke Php-nuke 7.2

  • Phpnuke Php-nuke 7.3

  • Phpnuke Php-nuke 7.4

  • Phpnuke Php-nuke 7.5

  • Phpnuke Php-nuke 7.6

  • Phpnuke Php-nuke 7.7

  • Phpnuke Php-nuke 7.8

  • Phpnuke Php-nuke 7.9


References

BUGTRAQ - 20081230 php-nuke 8.0 module sections artid blind sql inj vuln.

OSVDB - 52033

BUGTRAQ - 20081230 Re: php-nuke 8.0 module sections artid blind sql inj vuln.


Last Updated: 27 May 2016 10:49:18