PT-2007-1843 · Php · Php-Nuke

Published: 2007-01-19 · Updated: 2018-10-16 · CVE-2007-0372

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: PHP-Nuke version 7.9
Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters in different PHP files, including the active parameter in "admin/modules/modules.php", the ad class, imageurl, clickurl, ad code, or position parameter in "modules/Advertising/admin/index.php". Additionally, unspecified vectors in the advertising, weblinks, or reviews section are also affected.
Recommendations: For PHP-Nuke version 7.9, consider disabling the admin/modules/modules.php and modules/Advertising/admin/index.php files until a patch is available. Restrict access to the advertising, weblinks, and reviews sections to minimize the risk of exploitation. Avoid using the active, ad class, imageurl, clickurl, ad code, and position parameters in the affected API endpoints until the issue is resolved.

Related identifiers: CVE-2007-0372

Affected products: Php-Nuke