Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-1061 β€” SQL Injection in Burzi Php-nuke

7 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
67.0%
top 1.44%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Francisco Burzi Php-nuke
Timeline
PublishedFeb 22
Latest updateMay 1

Description

SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" block is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header (HTTP_REFERER variable).

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

β–ΆNVDfrancisco_burzi/php-nuke8.0_final

πŸ”΄Vulnerability Details

2
GHSA
GHSA-gc2g-x5rg-rmjg: SQL injection vulnerability in index↗2022-05-01
β–Ά
CVEList
CVE-2007-1061: SQL injection vulnerability in index↗2007-02-22
β–Ά

πŸ’₯Exploits & PoCs

4
Exploit-DB
Core Image Fun House 2.0 (OSX) - Arbitrary Code Execution (PoC)β†—2008-07-11
β–Ά
Exploit-DB
PHP-Nuke 8.0 Final - 'INSERT' SQL Injection↗2007-02-20
β–Ά
Exploit-DB
PHP-Nuke 8.0 Final - HTTP Referers SQL Injection↗2007-02-20
β–Ά
Exploit-DB
PHP-Nuke 8.0 Final - 'INSERT' Blind SQL Injection (MySQL)β†—2007-02-20
β–Ά
CVE-2007-1061 β€” SQL Injection in Burzi Php-nuke | cvebase