PHP-Nuke 6.0 - 'modules.php' SQL Injection

EDB-ID:

21862

CVE:

N/A




Platform:

PHP

Date:

2002-09-25


source: https://www.securityfocus.com/bid/5799/info

A SQL injection vulnerability has been discovered in PHPNuke.

Due to insufficient sanitization of variables used in SQL queries, it is possible to modify the logic of SQL queries.

This issue could result in a denial of service attack or the corruption of database information.

This issue was reported in PHPNuke version 6.0. Other versions may also be affected. 

http://www.nukesite.com/modules.php?name=News&file=article&sid=1234%20or%
201=1