CVE-2006-5720

Francisco Burzi Php-nuke < 7.9 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Paisterist · phpwebappsphp

https://www.exploit-db.com/exploits/28885

View Code ZIP pw:eip

References (7)

[Vendor Advisory] http://secunia.com/advisories/22617

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/29940

[Various Sources] http://www.neosecurityteam.net/index.php?action=advisories&id=29

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/450183/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/20829

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/4295

[Third Party Advisory] http://securityreason.com/securityalert/1812

Scores

EPSS 0.0025

EPSS Percentile 48.2%

Details

Status published

Products (10)

francisco_burzi/php-nuke 7.0

francisco_burzi/php-nuke 7.1

francisco_burzi/php-nuke 7.2

francisco_burzi/php-nuke 7.3

francisco_burzi/php-nuke 7.4

francisco_burzi/php-nuke 7.5

francisco_burzi/php-nuke 7.6

francisco_burzi/php-nuke 7.7

francisco_burzi/php-nuke 7.8

francisco_burzi/php-nuke < 7.9

Published Nov 04, 2006

Tracked Since Feb 18, 2026