SQL injection vulnerability in the Books module of PHP-Nuke allows remote malicious users to execute arbitrary SQL commands via the cid parameter.
phpnuke book