PostNuke 0.72x Phoenix Glossary Module SQL Injection Vulnerability

2003-05-26T00:00:00
ID EDB-ID:22651
Type exploitdb
Reporter Lorenzo Manuel Hernandez Garcia-Hierro
Modified 2003-05-26T00:00:00

Description

PostNuke 0.72x Phoenix Glossary Module SQL Injection Vulnerability. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/7697/info

A vulnerability has been discovered in PostNuke Phoenix v0.723 and earlier. Specifically, the Glossary module fails to sufficiently sanitize user-supplied input, making it prone to SQL injection attacks.

Exploitation may allow for modification of SQL queries, resulting in information disclosure, or database corruption. 

http://example.com/modules.php?op=modload&name=Glossary&file=index&page=`[SQL QUERY]