PHP-Nuke Multiple SQL Injection Vulnerabilities

PHP-Nuke Multiple SQL Injection Vulnerabilities

Multiple SQL injection vulnerabilities were reported in the 'Members_List' and 'Your_Account' modules of PHP-Nuke. This is due to insufficient sanitization of externally supplied data which is used to construct SQL queries. A remote attacker may take advantage of these issues to inject malicious data into SQL queries, possibly resulting in modification of query logic. This may be exploited to compromise the PHP-Nuke web portal. Other attacks are also possible.