• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

PHP-Nuke Lang Parameter Local File Include and SQL Injection Vulnerabilities

PHP-Nuke is prone to local file-include and SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue could allow an attacker to retrieve arbitary files, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

These issues affect version 8.0; other versions may also be vulnerable.