There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE.
References
Link | Resource |
---|---|
https://gist.github.com/stacksmasher007/41e946fc9a5a2f0b6950626cc9d43d47 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-04-07T10:48:16
Updated: 2021-04-07T10:48:16
Reserved: 2021-04-06T00:00:00
Link: CVE-2021-30177
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-04-07T11:15:12.293
Modified: 2021-04-13T21:38:06.470
Link: CVE-2021-30177
JSON object: View
Redhat Information
No data.
CWE