CVE-2004-0269

Name of the Vulnerable Software and Affected Versions PHP-Nuke versions 6.9 and earlier PHP-Nuke version 7.x

Description The issue allows remote attackers to inject arbitrary SQL code and gain sensitive information. This can be achieved via the category variable in the "Search" module or the admin variable in the "Web Links" module.

Recommendations For PHP-Nuke versions 6.9 and earlier, update to a version later than 6.9 to resolve the issue. For PHP-Nuke version 7.x, consider disabling the Search and Web Links modules until a patch is available. As a temporary workaround, restrict access to the vulnerable modules to minimize the risk of exploitation.