Total vulnerabilities in the database
Multiple SQL injection vulnerabilities in the Search module in PHP-Nuke 7.8, and possibly other versions before 7.9 with patch 3.1, allows remote attackers to execute arbitrary SQL commands, as demonstrated via the query parameter in a stories type.
| Software | From | Fixed in |
|---|---|---|
| francisco_burzi / php-nuke | 7.2 | 7.2.x |
| francisco_burzi / php-nuke | 7.8 | 7.8.x |
| francisco_burzi / php-nuke | 7.0_final | 7.0_final.x |
| francisco_burzi / php-nuke | 7.3 | 7.3.x |
| francisco_burzi / php-nuke | 7.6 | 7.6.x |
| francisco_burzi / php-nuke | 7.7 | 7.7.x |
| francisco_burzi / php-nuke | 7.1 | 7.1.x |