PT-2003-2285 · Php Nuke · Php-Nuke

Bugsman · Published 2003-12-31 · Updated 2018-10-19 · CVE-2003-1340

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PHP-Nuke versions 5.6 and 6.5

Description

The issue allows remote authenticated users to execute arbitrary SQL commands via a uid (user) cookie to modules.php. Additionally, remote attackers can execute arbitrary SQL commands via an aid (admin) cookie to the Web Links module in a viewlink, MostPopular, or NewLinksDate action.

Recommendations

For PHP-Nuke version 5.6, update to a version that addresses the SQL injection vulnerabilities. For PHP-Nuke version 6.5, update to a version that addresses the SQL injection vulnerabilities. As a temporary workaround, consider restricting access to the modules.php and Web Links module to minimize the risk of exploitation. Avoid using the uid and aid cookies in the affected modules until the issue is resolved.

Exploit

Fix

RCE

SQL injection

Weakness Enumeration

Related identifiers

CVE-2003-1340

Affected products

Php-Nuke