SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows remote malicious users to execute arbitrary SQL statements via the itemid parameter.
nucleus group nucleus cms 3.01