CVE-2006-0908 β€” SQL Injection in Burzi Php-nuke

6 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.0%
top 95.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Francisco Burzi Php-nuke
Timeline
PublishedFeb 28
Latest updateMay 1

Description

PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL injection protection mechanisms via /%2a (/*) sequences with the "ad_click" word in the query string, as demonstrated via the kala parameter.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

β–ΆNVDfrancisco_burzi/php-nuke7.8_patched_3.2

πŸ”΄Vulnerability Details

2
GHSA
GHSA-4w9p-gpm7-68jj: PHP-Nuke 7β†—2022-05-01
β–Ά
CVEList
CVE-2006-0908: PHP-Nuke 7β†—2006-02-28
β–Ά

πŸ’¬Community

2
Bugzilla
CVE-2007-0906 PHP security issues (CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988)β†—2007-02-20
β–Ά
Bugzilla
CVE-2007-0906 PHP security issues (CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988)β†—2007-02-16
β–Ά
CVE-2006-0908 β€” SQL Injection in Burzi Php-nuke | cvebase