Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

S-205: PHP-Nuke EasyContent Module 'page_id' Parameter Vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) S-205: PHP-Nuke EasyContent Module 'page_id' Parameter Vulnerability
# 1  
Old 02-26-2008
S-205: PHP-Nuke EasyContent Module 'page_id' Parameter Vulnerability
The PHP-Nuke EasyContent module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. The risk is LOW. Expoiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

4 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

XSS vulnerability found via injection in the parameter address

Mods please move if posted in wrong section, I wasnt sure where to ask this one. There are several of us that use an open source program called yiimp, https://github.com/tpruvot/yiimp several of our sites were attacked last night and I am reaching out to you guys to see if then vulnerability... (0 Replies)
Discussion started by: crombiecrunch
0 Replies

2. Solaris

Installing ZIP module for PHP

Hi Guys, I am using SOLARIS 10 and I want to install ZIP module for PHP. I went to this link http://pecl.php.net/package/zip and I choose zip-1.12.3.tgz, the latest "stable" release, and then transferred it to my server. Then I went to my path /usr/local/apache2/conf then untar the... (1 Reply)
Discussion started by: Phuti
1 Replies

3. UNIX for Dummies Questions & Answers

How do I list kernel module parameter values?

Hi, I have problem with parameter configuration. My question is after the configuration, how to check if successfully change the value or not? I saw someone has the same question, and followed his steps. Original thread:... (3 Replies)
Discussion started by: skybb
3 Replies

4. UNIX for Dummies Questions & Answers

PHP Module

Ok..i've installed Apache 1.3.14, and it runs... BUT...I can't figure out how to get the php-4.0.4 module to run, and i've read through the install file and EVERYTYHING, aafter about 10 attempts I pissed myself off enough to goto sleep...Can anyone suggest a place to look for a lil bit more help?... (10 Replies)
Discussion started by: ComTec
10 Replies
Login or Register to Ask a Question

LEARN ABOUT PHP

mysql_unbuffered_query

MYSQL_UNBUFFERED_QUERY(3)						 1						 MYSQL_UNBUFFERED_QUERY(3)

mysql_unbuffered_query - Send an SQL query to MySQL without fetching and buffering the result rows.

SYNOPSIS

       Warning

	      This  extension  is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should
	      be used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include:

		     oSee: Buffered and Unbuffered queries

       resource mysql_unbuffered_query (string	$query, [resource  $link_identifier = NULL])

DESCRIPTION

       mysql_unbuffered_query(3) sends the  SQL  query	$query	to  MySQL  without  automatically  fetching  and  buffering  the  result  rows	as
       mysql_query(3)  does. This saves a considerable amount of memory with SQL queries that produce large result sets, and you can start working
       on the result set immediately after the first row has been retrieved as you don't have to wait until the complete SQL query has	been  per-
       formed.	To use mysql_unbuffered_query(3) while multiple database connections are open, you must specify the optional parameter $link_iden-
       tifier to identify which connection you want to use.

	      o $query
		- The SQL query to execute.  Data inside the query should be properly escaped.

	      o $
		link_identifier -The MySQL connection. If the link identifier is not specified,  the  last  link  opened  by  mysql_connect(3)	is
		assumed. If no such link is found, it will try to create one as if mysql_connect(3) was called with no arguments. If no connection
		is found or established, an E_WARNING level error is generated.

	For SELECT, SHOW, DESCRIBE or EXPLAIN statements, mysql_unbuffered_query(3) returns a resource on success, or FALSE on error.

	For other type of SQL statements, UPDATE, DELETE, DROP, etc, mysql_unbuffered_query(3) returns TRUE on success or FALSE on error.

       Note

	       The benefits of mysql_unbuffered_query(3) come at a cost: you cannot use mysql_num_rows(3) and mysql_data_seek(3) on a  result  set
	      returned	from  mysql_unbuffered_query(3), until all rows are fetched. You also have to fetch all result rows from an unbuffered SQL
	      query before you can send a new SQL query to MySQL, using the same $link_identifier.

       mysql_query(3).

PHP Documentation Group 												 MYSQL_UNBUFFERED_QUERY(3)