PT-2005-2019 · Php · Php-Nuke
Cxib8O3 +1 · Published 2005-04-07 · Updated 2016-10-18 · CVE-2005-0996
CVSS v2.0: 5.0 Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
PHP-Nuke version 7.6
Description
The issue concerns SQL injection vulnerabilities in the Downloads module. Remote attackers can inject arbitrary web script or HTML via specific parameters, including the email or url parameters in the Add function, the min parameter in the viewsdownload function, or the min parameter in the search function.
Recommendations
For PHP-Nuke version 7.6, consider restricting access to the vulnerable parameters email, url, and min in the affected functions until a patch is available. As a temporary workaround, disabling the Downloads module or limiting its functionality can help minimize the risk of exploitation.
Fix
Related Identifiers
Affected Products
Php-Nuke