PostNuke 0.72x Phoenix Glossary Module - SQL Injection

EDB-ID:

22651

CVE:


Platform:

PHP

Published:

2003-05-26

source: http://www.securityfocus.com/bid/7697/info

A vulnerability has been discovered in PostNuke Phoenix v0.723 and earlier. Specifically, the Glossary module fails to sufficiently sanitize user-supplied input, making it prone to SQL injection attacks.

Exploitation may allow for modification of SQL queries, resulting in information disclosure, or database corruption. 

http://example.com/modules.php?op=modload&name=Glossary&file=index&page=`[SQL QUERY]