|
|
CVE Reference: CVE-2006-5525 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-5525 |
|
|
Description: Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via (1) "/**/UNION " or (2) " UNION/**/" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a search action in the Encyclopedia module in modules.php. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/29705 SAID Secunia Advisory: SA22511 MISC http://www.milw0rm.com/exploits/2617 http://www.neosecurityteam.net/index.php?action=advisories&id=27 BID 20674 |
|
| Return to the previous page. |
