PT-2005-2020 · Php Nuke · Php-Nuke

Cxib8O3 +1 · Published 2005-04-07 · Updated 2016-10-18 · CVE-2005-0997

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PHP-Nuke version 7.6

Description

The issue concerns SQL injection vulnerabilities in the Web Links module. Remote attackers can execute arbitrary SQL commands through various parameters in different functions, including email or url in the Add function, url in the modifylinkrequestS function, orderby or min in the viewlink function, orderby, min, or show in the search function, or ratenum in the MostPopular function.

Recommendations

For PHP-Nuke version 7.6, consider restricting access to the Web Links module until a fix is available. As a temporary workaround, avoid using the vulnerable parameters email, url, orderby, min, show, and ratenum in their respective functions. Additionally, restrict the use of the modifylinkrequestS, viewlink, search, and MostPopular functions to minimize the risk of exploitation.


Related Identifiers: CVE-2005-0997

Affected Products: Php-Nuke