Phpnuke - Php-nuke CVE

Filtered by vendor Phpnuke Subscribe

Filtered by product Php-nuke

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2021-30177	1 Phpnuke	1 Php-nuke	2021-04-13	7.5 HIGH	9.8 CRITICAL
There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE.

Vulnerabilities (CVE)