Description
Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Albert Puigsech Galicia · text · webapps · php
https://www.exploit-db.com/exploits/22597
References (3)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/11984
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/7588
Exploit mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.html
Scores
EPSS
0.0003
EPSS Percentile
10.1%
Details
Status
published
Products (6)
francisco_burzi/php-nuke
6.5_beta1
francisco_burzi/php-nuke
6.5_final
francisco_burzi/php-nuke
6.5_rc1
francisco_burzi/php-nuke
6.5_rc2
francisco_burzi/php-nuke
6.5_rc3
francisco_burzi/php-nuke
< 6.5
Published
Dec 31, 2003
Tracked Since
Feb 18, 2026