PHP-Nuke Public Message SQL Injection Vulnerability

It has been reported that the 'public message' feature of PHP-Nuke is vulnerable to an SQL injection vulnerability. The issue is due to improper sanitization of user-defined parameters supplied to the module. As a result, an attacker could modify the logic and structure of database queries. Other attacks may also be possible, such as gaining access to sensitive information.


 

Privacy Statement
Copyright 2010, SecurityFocus