EUVD-2008-3499

Malware in sbrugna...

PHP-Nuke Book Catalog Module 1.0 'upload.php' Arbitrary File Upload Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19890/info The Book Catalog module for PHP-Nuke is prone to a vulnerability that lets attackers upload arbitrary files. Exploiting this issue may allow an attacker to compromise the application and the underlying system;...

CVE-2008-3513

SQL injection vulnerability in the Book Catalog module 1.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to modules.php...

PHP-Nuke Book Catalog Module Upload.PHP任意文件上传漏洞

PHP-Nuke Book Catalog Module是一款PHP的图书目录模块。 PHP-Nuke Book Catalog Module不正确过滤用户提交的数据，远程攻击者可以利用漏洞上传任意文件，并以WEB进程执行。 'BookCatalog/upload.php'对用户提交的图象文件缺少正确过滤，可直接提交PHP文件而导致以WEB权限执行。 SAP Basis Community Book Catalog Module 1.0 目前没有解决方案提供,请关注以下链接： http://www.basisconsultant.com/index.php...