PHP-Nuke 6.5 (Multiple Downloads Module) - SQL Injection

2003-05-13T00:00:00
ID EXPLOITPACK:0A0529FFAC9AA586C59AFDDD63933A64
Type exploitpack
Reporter Albert Puigsech Galicia
Modified 2003-05-13T00:00:00

Description

PHP-Nuke 6.5 (Multiple Downloads Module) - SQL Injection

                                        
                                            source: https://www.securityfocus.com/bid/7588/info

PHP-Nuke is reportedly prone to multiple SQL injection vulnerabilities in the Downloads module. Exploitation could allow for injection of malicious SQL syntax, resulting in modification of SQL query logic or other attacks. 

http://www.example.com/modules.php?name=Downloads&d_op=getit&lid=2%20<our_code>

where <our_code> represents SQL code that can be injected.