VULHUB ™

PHP-Nuke fails to properly validate user-supplied input. This can permit an attacker to maliciously restructure SQL queries in such a way that they return sensitive system information, including user account information and password hashes for arbitrary users. Properly exploited, this could permit an attacker to read and write arbitrary files, and exeute arbitrary code with the privilege level of the webserver process.

PHP-Nuke fails to properly validate user-supplied input. This can permit an attacker to maliciously restructure SQL queries in such a way that they return sensitive system information, including user account information and password hashes for arbitrary users. Properly exploited, this could permit an attacker to read and write arbitrary files, and exeute arbitrary code with the privilege level of the webserver process.