← back
CVE-2006-5525

CVE-2006-5525

EPSS 1.1%
Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via (1) "/**/UNION " or (2) " UNION/**/" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a search action in the Encyclopedia module in modules.php.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/2617unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/22511https://exchange.xforce.ibmcloud.com/vulnerabilities/29705https://www.exploit-db.com/exploits/2617http://www.neosecurityteam.net/index.php?action=advisories&id=27http://www.securityfocus.com/bid/20674http://www.vupen.com/english/advisories/2006/4149