PT-2006-6864 · Php · Php-Nuke

Crazy Cracker · Published 2006-12-02 · Updated 2018-10-17 · CVE-2006-6234

CVSS v2.0

7.5 High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PHP-Nuke versions 6.0 and possibly other versions

Description

The issue concerns SQL injection vulnerabilities in the Content module. Remote attackers can execute arbitrary SQL commands via specific parameters in certain actions. The vulnerable parameters are cid in a "list pages categories" action and pid in a "showpage" action.

Recommendations

For PHP-Nuke version 6.0, consider restricting access to the Content module until a fix is available. As a temporary workaround, avoid using the cid parameter in the "list pages categories" action and the pid parameter in the "showpage" action to minimize the risk of exploitation.


Related Identifiers

CVE-2006-6234

Affected Products

Php-Nuke