Application: php-nuke
Version: 7.9 or below
Vendor’s URL: http://www.phpnuke.org
Bug type: Sql Injection
Risk: Medium
Solution:
- Turn off register globals
- You can modify the source code adding in the /index.php file some like this:
$cat = ($_GET['cat']) ? filter($_GET['cat'], “nohtml”) : ”;
- That’s a momentary solution to the problem. We recommend to get the PHP-Nuke 8.0 version.
- Use another product.
