PHP-Nuke Multiple Module SQL Injection Vulnerabilities

Multiple SQL injection vulnerabilities have been reported in various modules included in PHP-Nuke versions 6.9 and earlier. These issues could permit remote attackers to compromise PHP-Nuke administrative accounts. Other attacks may also be possible, such as gaining access to sensitive information.

Some of these issues may overlap with previously reported SQL injection vulnerabilities in PHP-Nuke, but have all been reportedly addressed in PHP-Nuke 7.0.


 

Privacy Statement
Copyright 2010, SecurityFocus