PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0019.html | Exploit Vendor Advisory |
http://www.securityfocus.com/bid/3149 | Exploit Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2001-08-30 21:00
Updated : 2008-09-05 13:25
NVD link : CVE-2001-1025
Mitre link : CVE-2001-1025
JSON object : View
CWE
Products Affected
francisco_burzi
- php-nuke