CVE-2002-2032

sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query information by setting the sql_debug parameter to (1) index.php and (2) modules.php.

Published: Dec 31, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-2032
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
francisco_burzi / php-nuke	4.0	4.0.x
francisco_burzi / php-nuke	5.3.1	5.3.1.x
francisco_burzi / php-nuke	5.1	5.1.x
francisco_burzi / php-nuke	4.3	4.3.x
francisco_burzi / php-nuke	1.0	1.0.x
francisco_burzi / php-nuke	4.4	4.4.x
francisco_burzi / php-nuke	2.5	2.5.x
francisco_burzi / php-nuke	3.0	3.0.x
francisco_burzi / php-nuke	5.0	5.0.x
francisco_burzi / php-nuke	5.4	5.4.x
francisco_burzi / php-nuke	5.2a	5.2a.x
francisco_burzi / php-nuke	5.0.1	5.0.1.x
francisco_burzi / php-nuke	5.2	5.2.x
francisco_burzi / php-nuke	4.4.1a	4.4.1a.x

http://www.securityfaq.com/unixfocus/5OP041P6BE.html
http://www.securityfocus.com/bid/3906

Vulnerability Database

289,697

CVE-2002-2032