[原文]PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php.
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: email@example.com .
PHP Nuke article.php contains a flaw that may allow a malicious user to perform arbitrary SQL operations. The issue is triggered when modifying the $prefix variable of article.php. If a remote attacker knows the database name that PHP-Nuke is using, and the webserver is able to connect to it without a password, it is possible that the attacker can submit his own value for the $prefix variable and modify SQL queries to gain unauthorized administrative access to the database, resulting in loss of confidentiality and integrity.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
Francisco Burzi PHP-Nuke 5.0.1
Francisco Burzi PHP-Nuke 5.0
PHP-Nuke reportedly contains a vulnerability introduced in a new feature which may permit remote attackers to execute almost arbitrary SQL queries.
In version 5.x of PHP-Nuke, the administrator can set an arbitrary prefix for the database table names. Because it is a prefix for PHP-Nuke tables, this variable is included in many SQL queries used by PHP-Nuke.
If remote clients can submit their own value for 'prefix', they can alter SQL query strings so that almost arbitrary database operations are performed.
This vulnerability can be exploited with a web browser.
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org <mailto:email@example.com>.