VYPR
Unrated severityNVD Advisory· Published Apr 7, 2021· Updated Aug 3, 2024

CVE-2021-30177

CVE-2021-30177

Description

There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.

CVE-2021-30177 · VYPR