CVE-2002-2032

PHP-Nuke <5.4 - Info Disclosure

Title source: llm

Description

sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query information by setting the sql_debug parameter to (1) index.php and (2) modules.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by zataz.com · textwebappsphp

https://www.exploit-db.com/exploits/21233

View Code ZIP pw:eip

References (2)

Core 2

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/3906

Exploit, URL Repurposed x_refsource_misc

http://www.securityfaq.com/unixfocus/5OP041P6BE.html

Scores

EPSS 0.0003

EPSS Percentile 9.3%

Details

Status published

Products (14)

francisco_burzi/php-nuke 1.0

francisco_burzi/php-nuke 2.5

francisco_burzi/php-nuke 3.0

francisco_burzi/php-nuke 4.0

francisco_burzi/php-nuke 4.3

francisco_burzi/php-nuke 4.4

francisco_burzi/php-nuke 4.4.1a

francisco_burzi/php-nuke 5.0

francisco_burzi/php-nuke 5.0.1

francisco_burzi/php-nuke 5.1

... and 4 more

Published Dec 31, 2002

Tracked Since Feb 18, 2026