myPHPNuke 1.8.8 – ‘auth.inc.php’ SQL Injection

myPHPNuke 1.8.8 – ‘auth.inc.php’ SQL Injection

漏洞ID 1054176 漏洞类型
发布时间 2003-09-20 更新时间 2003-09-20
图片[1]-myPHPNuke 1.8.8 – ‘auth.inc.php’ SQL Injection-安全小百科CVE编号 N/A
图片[2]-myPHPNuke 1.8.8 – ‘auth.inc.php’ SQL Injection-安全小百科CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/23164
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/8663/info

It has been reported that myPHPNuke is prone to a SQL injection vulnerability that may allow a remote attacker to inject malicious SQL syntax into database queries. The issue may exist in the auth.in.php module of the software.

The cause of this problem is due to insufficient sanitization of user-supplied data. An attacker may be able to exploit this issue to influence SQL query logic. Successful exploitation may disclose sensitive information about the underlying database to an attacker, which may be used to launch further attacks against a vulnerable system.

myPHPNuke version 1.8.8 has been reported to be prone to this issue, however other versions may be affected as well. 

select pwd from mpn_authors where aid='mad' into outfile '/filepath/file.txt'

相关推荐: AIX writesrv Buffer Overflow Vulnerability

AIX writesrv Buffer Overflow Vulnerability 漏洞ID 1105024 漏洞类型 Boundary Condition Error 发布时间 1997-10-28 更新时间 1997-10-28 CVE编号 N/A CN…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享