CVE-2007-0309

Francisco Burzi Php-nuke < 7.9 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Paisterist · phpwebappsphp

https://www.exploit-db.com/exploits/29453

View Code ZIP pw:eip

References (8)

[Exploit] http://www.securityfocus.com/bid/22037

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/31482

[Various Sources] http://www.neosecurityteam.net/advisories/PHP-Nuke--7.9-Old-Articles-Block-cat-SQL-Injection-vulnerability-31.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/456787/100/0/threaded

[Third Party Advisory, VDB Entry] http://osvdb.org/32863

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1017511

[Third Party Advisory] http://secunia.com/advisories/23748

[Third Party Advisory] http://securityreason.com/securityalert/2153

Scores

EPSS 0.3568

EPSS Percentile 97.1%

Details

Status published

Products (1)

francisco_burzi/php-nuke < 7.9

Published Jan 18, 2007

Tracked Since Feb 18, 2026