S-205: PHP-Nuke EasyContent Module 'page_id' Parameter Vulnerability


 
Old 02-26-2008

The PHP-Nuke EasyContent module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. The risk is LOW. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
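
The class of fix the advisory points to, as an added example (not EasyContent or PHP-Nuke code): a numeric 'page_id' request value is validated as a plain integer and then bound as a query parameter, so it never becomes part of the SQL text. The table `pages`, its columns, the function names and the in-memory SQLite database are assumptions made for the demonstration.

```php
<?php
declare(strict_types=1);

// Added illustration; not PHP-Nuke or EasyContent code. The table
// `pages`, its columns and the function names are hypothetical.

/** Accept only a plain positive decimal integer; anything else is null. */
function parsePageId($raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

/** Look the page up with a bound parameter; the value never enters the SQL text. */
function fetchPage(PDO $db, $rawPageId): ?array
{
    $id = parsePageId($rawPageId);
    if ($id === null) {
        return null; // caller answers 400/404; no query is run
    }
    $stmt = $db->prepare('SELECT id, title, body FROM pages WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$db->exec("INSERT INTO pages VALUES (1, 'About', 'public text'), (2, 'Draft', 'internal text')");

// Constructed inputs: valid ids first, then values that are not plain integers.
foreach (['1', '2', '01', '1 OR 1=1', '-1', '', '1e3', ['1']] as $input) {
    $page = fetchPage($db, $input);
    printf("%-12s => %s\n", json_encode($input), $page === null ? 'rejected/not found' : $page['title']);
}
```

Validation and parameter binding are independent layers here: the integer check rejects malformed input early, and the bound parameter keeps the query safe even if the check is later loosened.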



SQLSRV_ERRORS(3)														  SQLSRV_ERRORS(3)

sqlsrv_errors - Returns error and warning information about the last SQLSRV operation performed

SYNOPSIS
       mixed sqlsrv_errors ([int $errorsOrWarnings])

DESCRIPTION
       Returns error and warning information about the last SQLSRV operation performed.

PARAMETERS
       o $errorsOrWarnings - Determines whether error information, warning information, or both are returned. If this parameter is not supplied, both error information and warning information are returned. The following are the supported values for this parameter: SQLSRV_ERR_ALL, SQLSRV_ERR_ERRORS, SQLSRV_ERR_WARNINGS.

RETURN VALUES
       If errors and/or warnings occurred on the last sqlsrv operation, an array of arrays containing error information is returned. If no errors and/or warnings occurred on the last sqlsrv operation, NULL is returned. The following table describes the structure of the returned arrays:

       Array returned by sqlsrv_errors

       +----------+---------------------------------------------------+
       | Key      | Description                                       |
       +----------+---------------------------------------------------+
       | SQLSTATE | For errors that originate from the ODBC driver,   |
       |          | the SQLSTATE returned by ODBC. For errors that    |
       |          | originate from the Microsoft Drivers for PHP for  |
       |          | SQL Server, a SQLSTATE of IMSSP. For warnings     |
       |          | that originate from the Microsoft Drivers for PHP |
       |          | for SQL Server, a SQLSTATE of 01SSP.              |
       +----------+---------------------------------------------------+
       | code     | For errors that originate from SQL Server, the    |
       |          | native SQL Server error code. For errors that     |
       |          | originate from the ODBC driver, the error code    |
       |          | returned by ODBC. For errors that originate from  |
       |          | the Microsoft Drivers for PHP for SQL Server, the |
       |          | Microsoft Drivers for PHP for SQL Server error    |
       |          | code.                                             |
       +----------+---------------------------------------------------+
       | message  | A description of the error.                       |
       +----------+---------------------------------------------------+

EXAMPLES
       Example #1 sqlsrv_errors(3) example

       <?php
       $serverName = "serverName/sqlexpress";
       $connectionInfo = array( "Database"=>"dbName", "UID"=>"username", "PWD"=>"password");
       $conn = sqlsrv_connect( $serverName, $connectionInfo);
       if( $conn === false ) {
            die( print_r( sqlsrv_errors(), true));
       }

       /* Set up a query to select an invalid column name. */
       $sql = "SELECT BadColumnName FROM Table_1";

       /* Execution of the query will fail because of the bad column name. */
       $stmt = sqlsrv_query( $conn, $sql );
       if( $stmt === false ) {
           if( ($errors = sqlsrv_errors() ) != null) {
               foreach( $errors as $error ) {
                   echo "SQLSTATE: ".$error[ 'SQLSTATE']."<br />";
                   echo "code: ".$error[ 'code']."<br />";
                   echo "message: ".$error[ 'message']."<br />";
               }
           }
       }
       ?>

NOTES
       By default, warnings generated on a call to any SQLSRV function are treated as errors. This means that if a warning occurs on a call to a SQLSRV function, the function returns FALSE. However, warnings that correspond to SQLSTATE values 01000, 01001, 01003, and 01S02 are never treated as errors. For information about changing this behavior, see sqlsrv_configure(3) and the WarningsReturnAsErrors setting.

SEE ALSO
       sqlsrv_configure(3).

PHP Documentation Group                                           SQLSRV_ERRORS(3)