CVE-2006-5525

Name of the Vulnerable Software and Affected Versions PHP-Nuke versions 7.9 and earlier

Description The issue allows remote attackers to conduct SQL injection attacks due to an incomplete blacklist vulnerability in the mainfile.php file. This is demonstrated by a SQL injection via the eid parameter in a search action in the Encyclopedia module in modules.php, using sequences such as "//UNION " or " UNION//" that are not rejected by the protection mechanism.

Recommendations For PHP-Nuke versions 7.9 and earlier, consider restricting access to the Encyclopedia module in modules.php until a fix is available, and avoid using the eid parameter in search actions to minimize the risk of exploitation.