CVE-2002-1242
PHP-Nuke < 6.0 - Authenticated SQL Injection via Bio Argument
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2002-1242. PoCs published by kill9.
AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in PHP-Nuke 5.6 by manipulating the 'bio' parameter in a user account update request. The injected SQL modifies the user's password hash to a known value (md5(1)), allowing unauthorized access.
Description
SQL injection vulnerability in PHP-Nuke before 6.0 allows remote authenticated users to modify the database and gain privileges via the "bio" argument to modules.php.
Exploits (1)
This exploit demonstrates a SQL injection vulnerability in PHP-Nuke 5.6 by manipulating the 'bio' parameter in a user account update request. The injected SQL modifies the user's password hash to a known value (md5(1)), allowing unauthorized access.