2 matches found
CVE-2006-0163
The CVE-2006-0163 entry describes a concrete SQL injection vulnerability in the PHPNuke EV 7.7 -R1 Search module (modules/Search/index.php). The flaw allows remote attackers to inject arbitrary SQL via the query parameter used by the search field, enabling potential data access or manipulation. I...
CVE-2006-0679
PHP-Nuke 7.8 and earlier is vulnerable to a SQL injection in the Your_Account module (index.php) via the username field, enabling remote attackers to manipulate SQL queries. The vulnerability is demonstrated in the Your_Account workflow (e.g., new_user) where user input is not properly sanitized ...