CVE-2001-1025

Name of the Vulnerable Software and Affected Versions PHP-Nuke versions 5.x

Description The issue allows remote attackers to perform arbitrary SQL operations. This is achieved by modifying the prefix variable when calling scripts that do not already define the prefix variable, such as article.php, which may include mainfile.php.

Recommendations For PHP-Nuke version 5.x, consider restricting access to scripts that do not define the prefix variable to minimize the risk of exploitation. As a temporary workaround, avoid using the prefix variable in affected scripts until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.