Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1480

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2011-1480
Last Modified 21 Jun 2011 10:54:03
Published 20 Jun 2011 10:52:42
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-1480

Summary

SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter.

Vulnerable Systems

Application

  • Phpnuke Php-nuke 5.0

  • Phpnuke Php-nuke 5.0.1

  • Phpnuke Php-nuke 5.1

  • Phpnuke Php-nuke 5.2

  • Phpnuke Php-nuke 5.3

  • Phpnuke Php-nuke 5.3.1

  • Phpnuke Php-nuke 5.4

  • Phpnuke Php-nuke 5.5

  • Phpnuke Php-nuke 5.6

  • Phpnuke Php-nuke 6.0

  • Phpnuke Php-nuke 6.5

  • Phpnuke Php-nuke 6.6

  • Phpnuke Php-nuke 6.7

  • Phpnuke Php-nuke 6.8

  • Phpnuke Php-nuke 6.9

  • Phpnuke Php-nuke 7.0

  • Phpnuke Php-nuke 7.1

  • Phpnuke Php-nuke 7.2

  • Phpnuke Php-nuke 7.3

  • Phpnuke Php-nuke 7.4

  • Phpnuke Php-nuke 7.5

  • Phpnuke Php-nuke 7.6

  • Phpnuke Php-nuke 7.7

  • Phpnuke Php-nuke 7.8

  • Phpnuke Php-nuke 7.9

  • Phpnuke Php-nuke 8.0


References

MISC - http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_sql_injection

MLIST - [oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x <=

MLIST - [oss-security] 20110323 CVE Request: PHP-Nuke 8.x <=

MLIST - [oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x <= "chng_uid" Blind SQL Injection Vulnerability

MLIST - [oss-security] 20110323 CVE Request: PHP-Nuke 8.x <= "chng_uid" Blind SQL Injection Vulnerability


Last Updated: 27 May 2016 10:56:42