Ravens PHP Scripts: Forums
 

 

TheosEleos
Life Cycles Becoming CPU Cycles


Joined: Sep 18, 2003
Posts: 960
Location: Missouri

Posted: Fri Jan 09, 2004 12:17 pm

Is this true and is there a fix?

Quote:
(4) MODERATE: PHP-Nuke Multiple Modules SQL Injection
Affected: PHP-Nuke version 7.0 FINAL and possibly prior versions

Description:
The PHP-Nuke "Surveys" module contains an SQL injection vulnerability
in handling data supplied to the "pollID" parameter. Remote attackers
can exploit the flaw to manipulate SQL queries issued against the
backend database, potentially leading to compromise of the PHP-Nuke
application. Further, the vendor's announcement of a fix indicates that
additional SQL injection vulnerabilities have been found in the "Forums"
and "Reviews" modules. Technical details have been posted.

Status: The vendor has corrected the problems in the latest release of
PHP-Nuke version 7.0 FINAL. The new version is available to PHP-Nuke
Club Members only.

Council Site Actions: The affected software is not in production or
widespread use at any of the council sites. Most sites reported that no
action was necessary. A few sites did send out a notice to their
respective support groups as an FYI.

Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

Posted: Fri Jan 09, 2004 4:43 pm

Old news. And, it only worked where MySQL v4.x is being used.
 
Luth
New Member


Joined: Jan 05, 2004
Posts: 3

Posted: Fri Jan 09, 2004 7:03 pm

So this is only an issue with MySQL v4.x and below? Above that version? Or strictly v4.x? Could you please clarify this a bit? Old news to you but new to me as I have just started toying with the nuke site builder. I would like to know if my efforts are in vain...


Last edited by Luth on Fri Jan 09, 2004 8:01 pm; edited 1 time in total 
TheosEleos
Posted: Fri Jan 09, 2004 7:34 pm

^^Cheesehead friend of mine.
 
Raven
Posted: Fri Jan 09, 2004 9:22 pm

4.x only, to my understanding. Many of us have tried to replicate the 'exploit' and have not been able to.
 
Luth
Posted: Fri Jan 09, 2004 10:22 pm

Gotcha, thx

Cool
 
All times are GMT - 6 Hours
 