Patch your search module:
under /* Category Selection */
add:
$category = intval($category);
and change:
$categ = "AND catid=$category ";
to:
$categ = "AND catid='$category' ";
PHPNuke Category Parameter SQL Injection VulnerabilityPosted on Sunday, February 15, 2004 @ 15:19:00 UTC in Security
|
UPDATE! New SQL Injection Issues In Nuke!Posted on Tuesday, February 10, 2004 @ 16:23:34 UTC in Security
|
Hack Alert Script UpdatedPosted on Tuesday, February 10, 2004 @ 13:18:38 UTC in Security
|
Hack Alert Script ReleasedPosted on Monday, February 09, 2004 @ 04:43:28 UTC in Security
|
Script To Confront Hackers WithPosted on Thursday, February 05, 2004 @ 20:19:40 UTC in Security
|
Sec-Fix Patch SFPPosted on Wednesday, February 04, 2004 @ 23:02:33 UTC in Security
|