Re: PHP Nuke <= 7.8 Multiple SQL Injections

To: evaders99@xxxxxxxxx
Subject: Re: PHP Nuke <= 7.8 Multiple SQL Injections
From: Paul Laudanski <zx@xxxxxxxxxxxxxx>
Date: Thu, 15 Sep 2005 19:46:10 -0400 (EDT)
Cc: bugtraq@xxxxxxxxxxxxxxxxx, <bugs@xxxxxxxxxxxxxxxxxxx>, <moderators@xxxxxxxxx>, <news@xxxxxxxxxxxxxx>, <vuln@xxxxxxxxxxx>
In-reply-to: <20050914195932.24381.qmail@xxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

On 14 Sep 2005 evaders99@xxxxxxxxx wrote:

> I'd just like to report as a solution: the Nuke Patched files. These are 
> being developed to cover all the latest vulnerabilities, and to fix issues 
> with previous versions of phpNuke.
> 
> These changes will be implemented to our CVS and package downloads soon.

The PHP-Nuke vendor @ http://phpnuke.org has already released a security
fix to this immediately.  It is strongly advised to run the patch.

Read the vendor's disclosure:

http://phpnuke.org/modules.php?name=News&file=article&sid=7434

The patch is for all PHP-Nuke 7.8 and older.

-- 
Paul Laudanski, Microsoft MVP Windows-Security
CastleCops(SM), http://castlecops.com

________ Information from Computer Cops, L.L.C. ________
This message was checked by NOD32 Antivirus System for Linux Mail Server.

  part000.txt - is OK
http://castlecops.com

References:
- Re: PHP Nuke <= 7.8 Multiple SQL Injections
  - From: evaders99

Prev by Date: Re: worring about YaST in SuSE 9.3 and maybe lower
Next by Date: Re: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox
Previous by thread: Re: PHP Nuke <= 7.8 Multiple SQL Injections
Next by thread: [OpenPKG-SA-2005.021] OpenPKG Security Advisory (squid)
Index(es):
- Date
- Thread