PHP-Nuke 5.x/6.x Web_Links Module - SQL Injection

EDB-ID:

22589




Platform:

PHP

Date:

2003-05-12


source: https://www.securityfocus.com/bid/7558/info

It has been reported that multiple input validation bugs exist in the Web_Links module used by PHPNuke. Because of this, a remote user may be able to access the database and potentially gain access to sensitive information. Successful exploitation could result in compromise of the web forums or more severe consequences. 

http://www.example.com/modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink&cid=2%20<our_code>

where <our_code> represents attacker-supplied SQL code.