CVE-2004-1932

Name of the Vulnerable Software and Affected Versions PHP-Nuke versions 6.x through 7.2

Description The issue allows remote attackers to execute arbitrary SQL code and create an administrator account via base64-encoded SQL in the admin parameter. This is possible due to a SQL injection vulnerability in the auth.php and admin.php files.

Recommendations For PHP-Nuke versions 6.x through 7.2, consider restricting access to the admin.php and auth.php files until a patch is available. As a temporary workaround, avoid using the admin parameter in the affected files to minimize the risk of exploitation.