Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0461SQL Injection in Burzi Php-nuke

CWE-89SQL Injection4 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
4.3%
top 11.07%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Francisco Burzi Php-nuke
Timeline
PublishedJan 25
Latest updateMay 1

Description

SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-58jg-8r7f-phv2: SQL injection vulnerability in index2022-05-01
CVEList
CVE-2008-0461: SQL injection vulnerability in index2008-01-25

💥Exploits & PoCs

1
Exploit-DB
PHP-Nuke 8.0 Final - 'sid' SQL Injection2008-01-22
CVE-2008-0461 — SQL Injection in Burzi Php-nuke | cvebase