|
Description
|
|
Multiple vulnerabilities have been identified in PHP-Nuke, which could be exploited by remote attackers to bypass security checks and execute arbitrary SQL queries.
The first issue is caused by an input validation error in the "mainfile.php" script that fails to properly validate encoded strings, which could be exploited to bypass the SQL injection filter.
The second vulnerability is caused by input validation errors in the "viewlinkcomments()", "viewlinkeditorial()", "ratelink()", "viewdownloadeditorial()", "viewdownloadcomments()" and "ratedownload()" functions when processing the "lid" parameter, which could be exploited to conduct SQL injection attacks.
|
