Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x up to and including 6.5 allow remote malicious users to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
francisco burzi php-nuke 6.5_beta1 |
||
francisco burzi php-nuke 6.5_final |
||
francisco burzi php-nuke 6.5_rc1 |
||
francisco burzi php-nuke |
||
francisco burzi php-nuke 6.5_rc2 |
||
francisco burzi php-nuke 6.5_rc3 |