CVE-2005-0997

PHP-Nuke 7.6 - SQL Injection via Web_Links Module Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-0997. PoCs published by Maksymilian Arciemowicz.

AI-analyzed exploit summary The provided text describes SQL injection vulnerabilities in the Web_Links module of PHP-Nuke 7.6. It includes multiple example URLs demonstrating how unsanitized user input can be exploited to manipulate SQL queries.

Description

Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the email or url parameters in the Add function, (2) the url parameter in the modifylinkrequestS function, (3) the orderby or min parameters in the viewlink function, (4) the orderby, min, or show parameters in the search function, or (5) the ratenum parameter in the MostPopular function.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Maksymilian Arciemowicz · textwebappsphp

https://www.exploit-db.com/exploits/25360

View Code ZIP pw:eip

The provided text describes SQL injection vulnerabilities in the Web_Links module of PHP-Nuke 7.6. It includes multiple example URLs demonstrating how unsanitized user input can be exploited to manipulate SQL queries.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: PHP-Nuke 7.6 (Web_Links module)

No auth needed

Prerequisites: Access to the vulnerable PHP-Nuke instance · Web_Links module enabled

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=111289685724764&w=2

Scores

EPSS 0.0142

EPSS Percentile 69.3%

Details

Status published

Products (1)

francisco_burzi/php-nuke 7.6

Published May 02, 2005

Tracked Since Feb 18, 2026