CVE-2009-0302

PHP-Nuke <8.1.0.3.5b - SQL Injection

Title source: llm

Description

SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8.1.0.3.5b and earlier allows remote authenticated users to execute arbitrary SQL commands via the url parameter in the Add operation to modules.php.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Sina Yazdanmehr · textwebappsphp

https://www.exploit-db.com/exploits/32747

View Code ZIP pw:eip

exploitdb WORKING POC

by Dante90 · perlwebappsphp

https://www.exploit-db.com/exploits/18148

View Code ZIP pw:eip

References (9)

[Various Sources] http://1337day.com/exploits/15481

[Third Party Advisory, VDB Entry] http://osvdb.org/51633

[Third Party Advisory, VDB Entry] http://osvdb.org/77349

[Exploit] http://www.securityfocus.com/bid/33410

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/48186

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/71475

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/500335/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/50770

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/18148

Scores

EPSS 0.0058

EPSS Percentile 68.9%

Details

CWE

CWE-89

Status published

Products (1)

php-nuke/downloads_module 8.0

Published Jan 27, 2009

Tracked Since Feb 18, 2026