PT-2005-4543 · Php Nuke · Php-Nuke
Janek Vind +1 · Published 2005-11-24 · Updated 2018-10-19 · CVE-2005-3792
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
PHP-Nuke versions prior to 7.9 with patch 3.1
Description
The issue allows remote attackers to execute arbitrary SQL commands due to multiple SQL injection vulnerabilities in the Search module. This can be demonstrated via the query parameter in a stories type.
Recommendations
For versions prior to 7.9 with patch 3.1, update to version 7.9 with patch 3.1 to resolve the issue. As a temporary workaround, consider restricting access to the Search module until the update is applied. Avoid using the query parameter in the affected stories type until the issue is resolved.
Affected Products
Php-Nuke