Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Php-nuke | Francisco_burzi | * | 6.5 (including) |
Php-nuke | Francisco_burzi | 6.5_beta1 (including) | 6.5_beta1 (including) |
Php-nuke | Francisco_burzi | 6.5_final (including) | 6.5_final (including) |
Php-nuke | Francisco_burzi | 6.5_rc1 (including) | 6.5_rc1 (including) |
Php-nuke | Francisco_burzi | 6.5_rc2 (including) | 6.5_rc2 (including) |
Php-nuke | Francisco_burzi | 6.5_rc3 (including) | 6.5_rc3 (including) |