CVE-2008-0147

Name of the Vulnerable Software and Affected Versions SmallNuke versions 2.0.4 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the user email parameter and possibly the username parameter in a Members action when magic quotes gpc is disabled.

Recommendations For versions 2.0.4 and earlier, consider disabling the execution of SQL commands from user input until a patch is available. Restrict access to the index.php file to minimize the risk of exploitation. Avoid using the user email and username parameters in the affected Members action until the issue is resolved.