Vulnerability Description
SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8.1.0.3.5b and earlier allows remote authenticated users to execute arbitrary SQL commands via the url parameter in the Add operation to modules.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php-Nuke | Downloads Module | 8.0 |
Related Weaknesses (CWE)
References
- http://1337day.com/exploits/15481
- http://osvdb.org/51633
- http://osvdb.org/77349
- http://www.exploit-db.com/exploits/18148
- http://www.securityfocus.com/archive/1/500335/100/0/threaded
- http://www.securityfocus.com/bid/33410Exploit
- http://www.securityfocus.com/bid/50770
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48186
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71475
- http://1337day.com/exploits/15481
- http://osvdb.org/51633
- http://osvdb.org/77349
- http://www.exploit-db.com/exploits/18148
- http://www.securityfocus.com/archive/1/500335/100/0/threaded
- http://www.securityfocus.com/bid/33410Exploit
FAQ
What is CVE-2009-0302?
CVE-2009-0302 is a vulnerability with a CVSS score of 4.6 (MEDIUM). SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8.1.0.3.5b and earlier allows remote authenticated users to execute arbitrary SQL commands via the url parameter in the Add operati...
How severe is CVE-2009-0302?
CVE-2009-0302 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0302?
Check the references section above for vendor advisories and patch information. Affected products include: Php-Nuke Downloads Module.