Security Advisory

CVE-2021-30177

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-04-07 10:48:16

Last updated 2024-08-03 22:24:59

Assigner mitre

State PUBLISHED

Description

There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE.

← Browse all CVEs View on cve.org ↗