CVE-2006-5525
PHP-Nuke 7.9 and earlier are affected by an incomplete blacklist in mainfile.php that fails to reject UNION-based SQL injection payloads. The vulnerability can be triggered via the eid parameter in the Encyclopedia module (modules.php) using patterns such as //UNION or UNION/ /. The root cause is...