CVE-2003-1210

Name of the Vulnerable Software and Affected Versions PHP-Nuke versions 5.x through 6.5

Description The issue concerns SQL injection vulnerabilities in the Downloads module. Remote attackers can execute arbitrary SQL commands by manipulating the lid parameter to the getit function or the min parameter to the search function.

Recommendations For PHP-Nuke versions 5.x through 6.5, consider restricting access to the Downloads module until a fix is available. As a temporary workaround, avoid using the lid parameter in the getit function and the min parameter in the search function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.