CVE-2006-5525

2006-10-26T16:07:00
ID CVE-2006-5525
Type cve
Reporter cve@mitre.org
Modified 2017-10-19T01:29:00

Description

Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via (1) "//UNION " or (2) " UNION//" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a search action in the Encyclopedia module in modules.php.