PHP-Nuke User/Admin Cookie SQL Injection Vulnerability

info
discussion
exploit
solution
references

PHP-Nuke User/Admin Cookie SQL Injection Vulnerability

PHP-Nuke, with Web_Links module and one link active, is reported to be prone to SQL injection attacks during authentication. This is due to insufficient sanitization of cookie values, which will be used in database queries. This could permit an attacker to inject SQL code and ultimately disclose admin and user password hashes.