Foros del web, para los que viven de bits

Datacenter1 · 12-sep-2005, 14:43

Una nueva vulnerabilidad ha sido descubierta en la versión 7.8 e inferiores, se trata nuevamente de un SQL Injection, creo que de momento no existe un parche pero esten pendientes de actualizarse tan pronto como liberen un parche.

[NewAngels Advisory #7]PHP Nuke <= 7.8 Multiple SQL Injections
================================================== ===========================

Software: PHP Nuke 7.8
Type: SQL Injections
Risk: High

Date: Sep. 10 2005
Vendor: PHP-Nuke (phpnuke.org)

Credit:
=======
Robin 'onkel_fisch' Verton from it-security23.net

Description:
============
PHP-Nuke is a news automated system specially designed to be used in Intranets and Internet.
The Administrator has total control of his web site, registered users, and he will have in the hand
a powerful assembly of tools to maintain an active and 100% interactive web site using databases.
[http://www.phpnuke.org/]

Vulnerability:
==============

PHP Nuke 7.8 is prone to multiple SQL injection vulnerabilities.
These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.

12-sep-2005, 14:43	#1 (permalink)
Datacenter1 Fecha de Ingreso: agosto-2005 Ubicación: Chicago Mensajes: 646	Para los que usan PHP-Nuke Una nueva vulnerabilidad ha sido descubierta en la versión 7.8 e inferiores, se trata nuevamente de un SQL Injection, creo que de momento no existe un parche pero esten pendientes de actualizarse tan pronto como liberen un parche. [NewAngels Advisory #7]PHP Nuke <= 7.8 Multiple SQL Injections ================================================== =========================== Software: PHP Nuke 7.8 Type: SQL Injections Risk: High Date: Sep. 10 2005 Vendor: PHP-Nuke (phpnuke.org) Credit: ======= Robin 'onkel_fisch' Verton from it-security23.net Description: ============ PHP-Nuke is a news automated system specially designed to be used in Intranets and Internet. The Administrator has total control of his web site, registered users, and he will have in the hand a powerful assembly of tools to maintain an active and 100% interactive web site using databases. [http://www.phpnuke.org/] Vulnerability: ============== PHP Nuke 7.8 is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. __________________ ResellerSolution.com Hosting Linux y Windows - Dominios - VPS - Dedicados para Revender Planes cPanel y H-Sphere ahora con conectividad Mzima

Herramientas
Mostrar Versión Imprimible Enviar por Correo
Desplegado
Mode Lineal Cambiar a Modo Hibrido Cambiar a Modo Hilado