SQL Injection and Cross-Site Scripting (XSS) Vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 through 6.9

SQL Injection and Cross-Site Scripting (XSS) Vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 through 6.9

CVE-2004-2354 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 through 6.9 allows remote attackers to modify SQL statements via the entry parameter to modules.php, which can also facilitate cross-site scripting (XSS) attacks when MySQL errors are triggered.

Learn more about our Cis Benchmark Audit For Oracle Mysql.