CVE-2006-6200

Name of the Vulnerable Software and Affected Versions PHP-Nuke versions 7.9 and earlier

Description The issue concerns SQL injection vulnerabilities in the rate article and rate complete functions within the News module of PHP-Nuke. These vulnerabilities can be exploited when magic quotes gpc is disabled, allowing remote attackers to execute arbitrary SQL commands via the sid parameter.

Recommendations For PHP-Nuke versions 7.9 and earlier, consider disabling the rate article and rate complete functions in the News module until a patch is available. Restrict access to the News module to minimize the risk of exploitation. Avoid using the sid parameter in affected functions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.