Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0302

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2009-0302
Last Modified 24 Aug 2012 10:50:52
Published 27 Jan 2009 03:30:05
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication SINGLE_INSTANCE

CVE-2009-0302

Summary

SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8.1.0.3.5b and earlier allows remote authenticated users to execute arbitrary SQL commands via the url parameter in the Add operation to modules.php.

Vulnerable Systems

Application

  • Php-nuke Downloads Module 8.0


References

XF - downloads-module-sql-injection(48186)

BID - 33410

BUGTRAQ - 20090123 PHP-Nuke 8.0 Downloads Blind Sql Injection

OSVDB - 51633

XF - phpnuke-uri-sql-injection(71475)

BID - 50770

EXPLOIT-DB - 18148

OSVDB - 77349

MISC - http://1337day.com/exploits/15481


Last Updated: 27 May 2016 11:00:18