Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: PHP :: phpnsql.txt

PHPNuke SQl Injection

Version: PHP-Nuke 6.6
Language: PHP
Web site:
Status: Vendor has been notified

There's an SQL injection hole in modules.php.


This is from not filtering 'cid', it should be checked that it is only numeric with is_numeric(). This hole could allow viewing of password hashes if the database is mysql 4.x.

This may effect other versions.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH