Unrated severityNVD Advisory· Published Apr 7, 2021· Updated Aug 3, 2024
CVE-2021-30177
CVE-2021-30177
Description
There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE.
Affected products
2- PHP/Nukedescription
Patches
Vulnerability mechanics
References
1- gist.github.com/stacksmasher007/41e946fc9a5a2f0b6950626cc9d43d47mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.