Bugsman

#41698 of 53,633
6.5 Total CVSS
Vulnerabilities · 1
PT-2003-2285
6.5
2003-12-31
Php Nuke · Php-Nuke · CVE-2003-1340
**Name of the Vulnerable Software and Affected Versions**

PHP-Nuke versions 5.6 and 6.5

**Description**

The issue allows remote authenticated users to execute arbitrary SQL commands via a `uid` (user) cookie to `modules.php`. Additionally, remote attackers can execute arbitrary SQL commands via an `aid` (admin) cookie to the Web Links module in a `viewlink`, `MostPopular`, or `NewLinksDate` action.

**Recommendations**

For PHP-Nuke versions 5.6 and 6.5, update to a version that addresses the SQL injection vulnerabilities. As a temporary workaround, consider restricting access to `modules.php` and the Web Links module to minimize the risk of exploitation. Avoid using the `uid` and `aid` cookies in the affected modules until the issue is resolved.