Phase:SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 through 6.9 allows remote attackers to modify SQL statements via the entry parameter to modules.php, which can also facilitate cross-site scripting (XSS) attacks when MySQL errors are triggered.
ReferencesBUGTRAQ:Monday, March 15, 2004 [waraxe-2004-SA#007 - XSS and SQL injection bugs in 4nguestbook module for PhpNuke] | URL:http://archives.neohapsis.com/archives/bugtraq/2004-03/0139.html | XF:4nguestbook-modules-xss(15478) | URL:http://xforce.iss.net/xforce/
Votes:Assigned (Tuesday, August 16, 2005)
Comments:None (candidate not yet proposed)
F7: