<<< Date Index >>>     <<< Thread Index >>>

PHP-Nuke SQL Injection




Version: PHP-Nuke 6.6
Language: PHP
Web site: phpnuke.org
Status: Vendor has been notified

There's an SQL injection hole in modules.php.

http://phpnuke.org/modules.php?name=Downloads&d_op=viewdownload&cid=59%20or%20cid=2

This is from not filtering 'cid', it should be checked that it is only numeric 
with is_numeric(). This hole could allow viewing of password hashes if the 
database is mysql 4.x.

This may effect other versions.