CVE-2007-1061
published 2007-02-22


Priority: P3 53
Severity: medium, 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 60.77% (99.0th percentile)
SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" block is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header (HTTP_REFERER variable).

Affected

1 range
Vendor | Product | Version range | Fixed in
francisco_burzi | php-nuke | <= 8.0_final |

Detection & IOCs (extracted from sources)

path: index.php
command: http://www.krasza.int.pl');INSERT INTO `nuke_authors` VALUES ('krasza', 'God', 'http://www.krasza.int.pl', '[email protected]', '61af1f6e572d7fe3a72f54a6ac53830e', '0', '1', '
command: http://www.krasza.int.pl'),(NULL,(SELECT `pwd` FROM `nuke_authors` WHERE `radminsuper`=1))/*
command: http://www.krasza.int.pl'),(NULL,(SELECT `aid` FROM `nuke_authors` WHERE `radminsuper`=1))/*
  • Inspect the HTTP Referer header on all requests to index.php for SQL metacharacters, particularly single quotes followed by SQL keywords such as INSERT, SELECT, or comment sequences (/* or --).
  • Alert on Referer headers containing INSERT INTO `nuke_authors` payloads, which indicate an attempt to create a rogue superadmin account.
  • Alert on Referer headers containing subqueries targeting `nuke_authors` with `radminsuper`=1, indicating credential extraction via the HTTP Referers block display.
  • Blind time-based SQLi variant uses BENCHMARK() in the Referer header; monitor for anomalously slow responses to index.php correlated with Referer values containing BENCHMARK or IF() constructs.
  • The exploit targets the 'HTTP Referers' block feature specifically; disabling this block removes the injection surface entirely.
  • The SQL injection is only exploitable when the 'HTTP Referers' block is enabled in PHP-Nuke; installations with this block disabled are not affected.
  • The INSERT-based exploit (EDB-3345) is stated to work on every database except MySQL; the blind time-based exploit (EDB-3344) is MySQL-specific using BENCHMARK().
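
The detection checks listed above, applied to web server access logs. This is an added example, not code from this page or from PHP-Nuke. It assumes Combined Log Format and that "/" is served by index.php; the rule names, function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Combined Log Format: "METHOD target PROTO" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)"')

# One rule per detection bullet above; rule names are this example's own.
RULES = [
    ("rogue_admin_insert", re.compile(r"insert\s+into\s+`?nuke_authors", re.I)),
    ("authors_subquery",
     re.compile(r"select\b.*\bfrom\s+`?nuke_authors`?.*radminsuper", re.I | re.S)),
    ("time_based_blind", re.compile(r"\b(?:benchmark|if)\s*\(", re.I)),
    # Single quote followed closely by a SQL keyword or comment opener.
    ("quote_then_sql",
     re.compile(r"'[^']{0,40}?(?:\b(?:insert|select|union)\b|/\*|--)", re.I)),
]

def scan_line(line):
    """Return names of rules matched by the Referer of a request to index.php."""
    m = LOG_RE.search(line)
    if not m:
        return []
    path = urlsplit(m["target"]).path
    # Assumption: "/" is served by index.php (the usual DirectoryIndex setup).
    if not path.endswith(("/index.php", "/")):
        return []
    referer = unquote_plus(m["referer"])  # also catches %27-encoded quotes
    return [name for name, rx in RULES if rx.search(referer)]

def scan_log(lines):
    """Map 1-based line number -> matched rule names, for flagged lines only."""
    return {n: hits for n, l in enumerate(lines, 1) if (hits := scan_line(l))}

# Constructed sample access-log lines (documentation IPs and host names).
SAMPLE_LOG = r'''
192.0.2.10 - - [22/Feb/2007:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "http://example.test/o'reilly-books" "Mozilla/5.0"
192.0.2.66 - - [22/Feb/2007:10:00:07 +0000] "GET /index.php HTTP/1.1" 200 5120 "http://example.test');INSERT INTO `nuke_authors` VALUES ('x" "-"
192.0.2.66 - - [22/Feb/2007:10:00:09 +0000] "GET / HTTP/1.1" 200 5120 "http://example.test%27),(NULL,(SELECT `pwd` FROM `nuke_authors` WHERE `radminsuper`=1))/*" "-"
192.0.2.66 - - [22/Feb/2007:10:00:15 +0000] "GET /index.php?x=1 HTTP/1.1" 200 5120 "http://example.test' AND BENCHMARK(1,1)" "-"
'''.strip().splitlines()

if __name__ == "__main__":
    for n, hits in scan_log(SAMPLE_LOG).items():
        print(f"line {n}: {', '.join(hits)}")
```

The first sample line carries a benign apostrophe in the Referer and is not flagged; the time-based rule still needs correlating with response latency, as the bullet above notes.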