PHPNuke Forum Module Viewforum.PHP SQL Injection Vulnerability

It has been reported that an input validation error exists in the 'viewforum.php' script included with PHPNuke as part of the Forum module. Because of this, an attacker could send a malicious string through PHPNuke that would allow the attacker to inject SQL commands and queries into the SQL database used by PHPNuke.


 

Privacy Statement
Copyright 2010, SecurityFocus