CVE-2003-1210

PHP-Nuke < 6.5 - SQL Injection via Downloads Module Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1210. PoCs published by Albert Puigsech Galicia.

AI-analyzed exploit summary: This is a writeup describing a SQL injection vulnerability in PHP-Nuke's Downloads module. It provides a URL example demonstrating how malicious SQL syntax can be injected via the 'lid' parameter.

Description

Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Albert Puigsech Galicia · text · webapps · php
https://www.exploit-db.com/exploits/22597


Classification: Writeup 80%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: PHP-Nuke (version not specified)
No auth needed
Prerequisites: Access to the target PHP-Nuke instance with the Downloads module enabled
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/11984
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/7588
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.html

Scores

EPSS 0.0537
EPSS Percentile 91.6%

Details

Status published
Products (6)
francisco_burzi/php-nuke 6.5_beta1
francisco_burzi/php-nuke 6.5_final
francisco_burzi/php-nuke 6.5_rc1
francisco_burzi/php-nuke 6.5_rc2
francisco_burzi/php-nuke 6.5_rc3
francisco_burzi/php-nuke < 6.5
Published Dec 31, 2003
Tracked Since Feb 18, 2026