Nuked-Klan index.php SQL injection

nuked-klan-index-sql-injection (22847) The risk level is classified as Medium Risk

Description:

Nuked-Klan is vulnerable to SQL injection. A remote attacker could send a specially-crafted request to the index.php script containing a SQL statement in the forum_id, link_id, or artid parameters, which would allow the attacker to add, modify or delete user information in the back-end database.

Platforms Affected:

  • Nuked-Klan, Nuked-Klan

Remedy:

No remedy available as of February 16, 2009.

Consequences:

Data Manipulation

References:

  • Neohapsis Archives #0024 Sat Oct 22 2005, Nuked klan 1.7: SQL vulnerability at http://archives.neohapsis.com/archives/secunia/2005-q4/0287.html.
  • Nuked-Klan Web site, www.Nuked-Klan.Org :: Le Portail PHP pour les Clan at http://www.nuked-klan.org/.
  • BID-15181: Nuked Klan Multiple SQL Injection Vulnerabilities
  • CVE-2005-3305: Multiple SQL injection vulnerabilities in Nuked Klan 1.7 allow remote attackers to execute arbitrary SQL commands via the (1) forum_id or (2) thread_id parameter in the Forum file, (3) the link_id in the Links file, (4) the artid parameter in the Sections file, and (5) the dl_id parameter in the Download file.
  • OSVDB ID: 20337: Nuked-KlaN Links Module link_id Variable SQL Injection
  • OSVDB ID: 20338: Nuked-KlaN Forum Module Multiple Variable SQL Injection
  • OSVDB ID: 20339: Nuked-KlaN Sections Module artid Variable SQL Injection
  • OSVDB ID: 20340: Nuked-KlaN Download Module dl_id Variable SQL Injection
  • SA17304: Nuked-Klan Script Insertion and SQL Injection Vulnerabilities
  • VUPEN/ADV-2005-2189: Nuked-Klan SQL Injection and Cross Site Scripting Vulnerabilities

Reported:

Oct 22, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
