VULHUB ™

PHP-Nuke is a website creation/maintenance tool written in PHP3. Many of the scripts in PHP-Nuke fail to properly validate user-supplied input. This can permit an attacker to corrupt SQL queries that include unfiltered user-supplied variables. This vulnerability is known to exist in the 'reviews.php' script. NOTE: This problem is associated with PHP 3, as PHP 4 has features in places to filter malicious content from requests.

PHP-Nuke is a website creation/maintenance tool written in PHP3. Many of the scripts in PHP-Nuke fail to properly validate user-supplied input. This can permit an attacker to corrupt SQL queries that include unfiltered user-supplied variables. This vulnerability is known to exist in the 'reviews.php' script. NOTE: This problem is associated with PHP 3, as PHP 4 has features in places to filter malicious content from requests.