PHPNuke Category Parameter SQL Injection Vulnerability

It has been reported that PHPNuke may prone to a SQL injection vulnerability, due to insufficient sanitization user-supplied input. The problem is reported to exist in the $category variable contained within the 'index.php' page.

PHPNuke versions 6.9 and prior have been reported to be prone to this issue, however other versions may be affected as well.


 

Privacy Statement
Copyright 2010, SecurityFocus