CVE-2004-1972

Name of the Vulnerable Software and Affected Versions PHP-Nuke Video Gallery Module version 0.1 Beta 5

Description The issue allows remote attackers to execute arbitrary SQL code. This can be achieved by manipulating the clipid or catid parameters in a "viewclip", "viewcat", or "voteclip" action.

Recommendations For PHP-Nuke Video Gallery Module version 0.1 Beta 5, consider restricting access to the vulnerable parameters clipid and catid in the affected actions until a patch is available. As a temporary workaround, avoid using the parameters clipid and catid in the affected API endpoints. At the moment, there is no information about a newer version that contains a fix for this vulnerability.