Multiple PHPNuke SQL Injection And...

Published: 2004-07-16
Revised: 2025-04-13

It is reported that PHPNuke is susceptible to a cross-site scripting vulnerability and an SQL injection vulnerability. Both of these vulnerabilities are due to improper sanitization of user-supplied data.

Attackers may supply malicious parameters to manipulate the structure and logic of SQL queries. This may result in unauthorized operations being performed on the underlying database. This issue may be exploited to cause sensitive information to be disclosed to a remote attacker.

The cross-site scripting vulnerability is reported to exist in the same script. As a result of this deficiency, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of a legitimate user. This may allow for theft of cookie-based authentication credentials and other attacks.

These vulnerabilities were reported in version 7.3 of PHPNuke. Other versions may also be affected.

No exploit or PoC is currently available.
There are currently 0 affected product entries.