PHP-Nuke SQL Injection Protection Bypass and Multiple SQL Injection Vulnerabilities

PHP-Nuke SQL Injection Protection Bypass and Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following example URI strings demonstrate bypassing the SQL-injection-protection feature:

http://www.example.com/nuke/?%2f*

http://www.example.com/html80/?%2f**/UNION%2f**/SELECT