phpnuke 'lid' Parameter SQL Injection Vulnerability

Bugtraq ID:	52945
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 05 2012 12:00AM
Updated:	Apr 05 2012 12:00AM
Credit:	CrAzY_CrAcKeR
Vulnerable:	PHP-Nuke phpnuke 0
Not Vulnerable:

phpnuke 'lid' Parameter SQL Injection Vulnerability

An attacker can exploit the issue using a browser.

The following example data is available:

http://www.example.com/modules.php?name=Downloads&d_op=viewdownloadeditorial&lid=(sql)

phpnuke 'lid' Parameter SQL Injection Vulnerability

References:

• phpnuke Homepage (PHP-Nuke)
  
• PHPNuke Module's Name Download SQL Injection Vulnerabilities (CrAzY_CrAcKeR)