CVE-2002-2032
published 2002-12-31CVE-2002-2032: sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query information by…
PriorityP429medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
5.85%
92.3th percentile
sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query information by setting the sql_debug parameter to (1) index.php and (2) modules.php.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
IBM Informix SE 7.25 sqlexec - Local Buffer Overflow (1)
exploitdb·2002-05-30
CVE-2002-0905 IBM Informix SE 7.25 sqlexec - Local Buffer Overflow (1)
IBM Informix SE 7.25 sqlexec - Local Buffer Overflow (1)
---
// source: https://www.securityfocus.com/bid/4891/info
Informix is an enterprise database distributed and maintained by IBM.
A buffer overflow vulnerability has been reported for Informix-SE for Linux. The overflow is due to an unbounded string copy of the INFORMIXDIR environment variable to a local buffer. There is at least one setuid root executable that is vulnerable, `sqlexec'. A malicious user may exploit the overflow condition in sqlexec to gain root privileges.
#include
#include
#include
#include
#include
#include
#include
#define BUFFERSIZE 2032
/* linux x86 shellcode */
char lunixshell[] = "\x31\xc0\x31\xdb\xb0\x17\xcd\x80"
"\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
"\x89\xf3\x8d\x4e\x08\x8
Exploit-DB
PHP-Nuke 4.x/5.x - SQL_Debug Information Disclosure
exploitdb·2002-01-18
CVE-2002-2032 PHP-Nuke 4.x/5.x - SQL_Debug Information Disclosure
PHP-Nuke 4.x/5.x - SQL_Debug Information Disclosure
---
source: https://www.securityfocus.com/bid/3906/info
PHPNuke is a website creation/maintenance tool. It is can be back-ended by a number of database products such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc.
The sql_layer.php script contains a debugging feature that may be used by attackers to disclose sensitive information about all SQL queries made by PHPNuke. Access to the debugging feature is not restricted to administrators.
This may be used by a remote attacker to disclose sensitive information about the database which may contribute to further attacks against the website running PHPNuke and the database.
It is not known whether PostNuke is also affected by this issue.
The following URLs may be used to access the de
No writeups or analysis indexed.
2002-12-31
Published