CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 4CVE-2009-0302 – PHP-Nuke 8.1.0.3.5b - 'Downloads' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-0302
SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8.1.0.3.5b and earlier allows remote authenticated users to execute arbitrary SQL commands via the url parameter in the Add operation to modules.php. Vulnerabilidad de inyección SQL en el módulo Downloads 8.0 para PHP-Nuke, cuando "register_globals" está activado y "magic_quotes" está desactivado, permite a usuarios autenticados remotamente ejecutar comandos SQL de su elección a través del parámetro "url" en una operación Add (Añadir) a modules.php. • https://www.exploit-db.com/exploits/18148 https://www.exploit-db.com/exploits/32747 http://1337day.com/exploits/15481 http://osvdb.org/51633 http://osvdb.org/77349 http://www.exploit-db.com/exploits/18148 http://www.securityfocus.com/archive/1/500335/100/0/threaded http://www.securityfocus.com/bid/33410 http://www.securityfocus.com/bid/50770 https://exchange.xforce.ibmcloud.com/vulnerabilities/48186 https://exchange.xforce.ibmcloud.com/vulnerabilities/71475 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •