CVE-2006-5720

Name of the Vulnerable Software and Affected Versions: PHP-Nuke versions 7.9 and earlier

Description: A SQL injection issue exists in the Journal module, specifically in the modules/journal/search.php file, allowing remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the forwhat parameter.

Recommendations: For PHP-Nuke versions 7.9 and earlier, consider restricting access to the vulnerable search.php file in the Journal module until a patch is available. As a temporary workaround, avoid using the forwhat parameter in the affected module to minimize the risk of exploitation.