Sql injection

2008-08-0720:41:00

PRIOn knowledge base

www.prio-n.com

9.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

49.0%

JSON

SQL injection vulnerability in the Book Catalog module 1.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to modules.php.

CPENameOperatorVersion
basis_consultant_book_catalogeq1.0

CPE	Name	Operator	Version
	basis_consultant_book_catalog	eq	1.0

References

packetstorm.linuxsecurity.com/0810-exploits/phpnukebook-sql.txt

secunia.com/advisories/32500

www.securityfocus.com/archive/1/497929/100/0/threaded

www.securityfocus.com/bid/30511

www.securityfocus.com/bid/30511/exploit

exchange.xforce.ibmcloud.com/vulnerabilities/44434