This is a technical writeup detailing an SQL injection vulnerability in PHP-Nuke's downloads module. The vulnerability occurs in the `ratedownload` function when `register_globals` is enabled, allowing arbitrary SQL injection via the `lid` parameter.