2 matches found
CVE-2008-6728
CVE-2008-6728 affects the PHP-Nuke Sections module, where an SQL injection is possible through the artid parameter in a printpage action to modules.php. The vulnerability arises from unsafely constructed SQL in the Sections module, enabling remote attackers to inject arbitrary SQL commands. The v...
CVE-2009-1842
PHP-Nuke 8.0 is affected by a SQL injection in main/tracking/userLog.php that allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header. Documented as CVE-2009-1842 with CVSS v2 base score 7.5 (network, low complexity, no auth). Affected product: PHP-Nuke; vulnerabilit...