CVE-2009-0672

RavenNuke 2.30 - Authenticated SQL Injection via Resend_Email Module user_prefix Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0672. PoCs published by waraxe.

AI-analyzed exploit summary This advisory details multiple vulnerabilities in RavenNuke 2.3.0, including remote PHP code execution via uninitialized arrays in 'avatarlist.php' and insecure 'eval()' usage in the 'Your Account' module, SQL injection in the 'Resend_Email' module, and local file detection in 'captcha.php'. It provides technical analysis, vulnerable code fragments, and proof-of-concept test cases.

Description

SQL injection vulnerability in the Resend_Email module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary SQL commands via the user_prefix parameter to modules.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by waraxe · textwebappsphp

https://www.exploit-db.com/exploits/8068

View Code ZIP pw:eip

This advisory details multiple vulnerabilities in RavenNuke 2.3.0, including remote PHP code execution via uninitialized arrays in 'avatarlist.php' and insecure 'eval()' usage in the 'Your Account' module, SQL injection in the 'Resend_Email' module, and local file detection in 'captcha.php'. It provides technical analysis, vulnerable code fragments, and proof-of-concept test cases.

Classification

Writeup 100%

Attack Type

Rce | Sqli | Info Leak

Complexity

Moderate

Reliability

Reliable

Target: RavenNuke 2.3.0

Auth required

Prerequisites: Attacker must be logged in as a user for some exploits · Admin rights required for certain vulnerabilities

MITRE ATT&CK