NukeSentinel nukesentinel.php Client-IP HTTP Header SQL Injection

ID OSVDB:33765
Type osvdb
Reporter OSVDB
Modified 2007-02-20T08:48:53


Solution Description

Upgrade to version 2.5.07 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Note: This issue was thought to be fixed in 2.5.06, but because the patch was incomplete and used a permissive regular expression to validate an IP address, SQL injection could still occur.
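
The gap described in the note, shown as an added PHP example that is not NukeSentinel's code: an unanchored pattern (hypothetical, not the regular expression from 2.5.06) accepts any string that merely contains an IP-like substring, while a whole-string check rejects it. Function names and sample header values are constructed for illustration.

```php
<?php
// Added illustration; not NukeSentinel code. The pattern below is a
// hypothetical "permissive" check, not the one shipped in 2.5.06.

// Unanchored: succeeds if an IPv4-looking substring appears anywhere,
// and never checks that each octet is <= 255.
function permissive_ip_check(string $value): bool
{
    return preg_match('/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/', $value) === 1;
}

// Strict: the whole string must be exactly one valid IPv4 or IPv6 address.
function strict_ip_check(string $value): bool
{
    return filter_var($value, FILTER_VALIDATE_IP) !== false;
}

// Choose the address to record. Client-IP is supplied by the client, so it
// is used only when it passes the strict check; otherwise fall back to the
// socket peer address. A well-formed value can still be spoofed, so it must
// not drive access decisions on its own.
function client_ip(array $server): string
{
    $claimed = trim($server['HTTP_CLIENT_IP'] ?? '');
    if ($claimed !== '' && strict_ip_check($claimed)) {
        return $claimed;
    }
    return $server['REMOTE_ADDR'] ?? '';
}

// Constructed sample Client-IP header values.
$samples = [
    '203.0.113.7',
    "203.0.113.7' OR '1'='1",
    '999.1.1.1',
    '2001:db8::1',
];

foreach ($samples as $s) {
    $server = ['HTTP_CLIENT_IP' => $s, 'REMOTE_ADDR' => '198.51.100.20'];
    printf("%-28s permissive=%-5s strict=%-5s used=%s\n",
        json_encode($s),
        var_export(permissive_ip_check($s), true),
        var_export(strict_ip_check($s), true),
        client_ip($server));
}
// Validation narrows the input; the value should still reach SQL only as a
// bound parameter, never by string concatenation.
```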


Secunia Advisory ID: 24221
Keyword: aka the "File Disclosure Exploit."
CVE-2007-1493
CVE-2007-1172