CVE-2008-0147

SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlier, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via 1 the useremail parameter and possibly 2 username parameter in a Members action...

CVE-2008-0147

CVE-2008-0147 affects SmallNuke versions up to 2.0.4 where magic_quotes_gpc is disabled. The SQL injection is triggered in index.php via the user_email parameter and possibly the username parameter in a Members action, allowing remote attackers to execute arbitrary SQL commands. This entry lists ...