PostNuke 0.72x Phoenix Glossary Module – SQL Injection

PostNuke 0.72x Phoenix Glossary Module – SQL Injection

漏洞ID 1053888 漏洞类型
发布时间 2003-05-26 更新时间 2003-05-26
图片[1]-PostNuke 0.72x Phoenix Glossary Module – SQL Injection-安全小百科CVE编号 N/A
图片[2]-PostNuke 0.72x Phoenix Glossary Module – SQL Injection-安全小百科CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/22651
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/7697/info

A vulnerability has been discovered in PostNuke Phoenix v0.723 and earlier. Specifically, the Glossary module fails to sufficiently sanitize user-supplied input, making it prone to SQL injection attacks.

Exploitation may allow for modification of SQL queries, resulting in information disclosure, or database corruption. 

http://example.com/modules.php?op=modload&name=Glossary&file=index&page=`[SQL QUERY]

相关推荐: Microsoft IIS 5.0 Indexed Directory Disclosure Vulnerability

Microsoft IIS 5.0 Indexed Directory Disclosure Vulnerability 漏洞ID 1103765 漏洞类型 Input Validation Error 发布时间 2000-10-04 更新时间 2000-10…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享