CVE-2007-1061

PHP-Nuke < 8.0_final - SQL Injection via HTTP Referer Header

Exploitation Summary

EIP tracks 3 public exploits for CVE-2007-1061. PoCs published by krasza.

Description

SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" block is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header (HTTP_REFERER variable).

Exploits (3)

exploitdb WORKING POC VERIFIED
by krasza · perl · webapps · php
https://www.exploit-db.com/exploits/3346

This exploit leverages a SQL injection vulnerability in PHP-Nuke <=8.0 Final by manipulating the HTTP Referer header to extract admin credentials (username and password hash) from the database. The exploit sends crafted Referer headers to trigger the vulnerability and retrieves the data via the 'HTTP Referers' block on the target page.

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: PHP-Nuke <=8.0 Final
No auth needed
Prerequisites: HTTP Referers block must be enabled on the target PHP-Nuke installation
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by krasza · perl · webapps · php
https://www.exploit-db.com/exploits/3345

This exploit leverages a SQL injection vulnerability in PHP-Nuke <=8.0 Final to insert a new superadmin user into the database. It bypasses authentication by injecting malicious SQL into the referer header.

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: PHP-Nuke <=8.0 Final
No auth needed
Prerequisites: Target must be running PHP-Nuke <=8.0 Final with a vulnerable database backend (PostgreSQL, MSSQL, etc.)
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by krasza · perl · webapps · php
https://www.exploit-db.com/exploits/3344

This exploit demonstrates a blind SQL injection attack against PHP-Nuke <= 8.0 Final, using brute force to extract admin credentials via time-based queries. It leverages the `benchmark` function to infer data by measuring response times.

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: PHP-Nuke <= 8.0 Final
No auth needed
Prerequisites: Target must be running PHP-Nuke <= 8.0 Final with MySQL >= 4.0.24 · Blind SQL injection vulnerability in INSERT syntax must be present
devstral-2 · analyzed Feb 16, 2026

References (8)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22638
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3346
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/32607
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/33316
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/461148/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0673
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24224

Scores

EPSS 0.6077
EPSS Percentile 99.0%

Details

Status published
Products (1)
francisco_burzi/php-nuke < 8.0_final
Published Feb 22, 2007
Tracked Since Feb 18, 2026