From ChatServ at Nuke Cops
Recently a sql injection vulnerability has been reported that relates to the Downloads and Web Links modules where an admin account can be created by passing a sql line through the $cid variable, i have patched both modules not only to block this code to be passed through the $cid variable but on all similar variables as well, patch your websites.
Download for PHP-Nuke 6.5-6.9
Download for PHP-Nuke 6.0
Admin Note:I have updated the v6.9 download pack, from this site, as of 10/9/2003 18:25 to include these patches.
These files have been updated since this message was posted! You need to download them again by clicking on the pertinent link above!!
|
This article comes from Ravens PHP Scripts
https://www.ravenphpscripts.com
The URL for this story is:
https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=187
https://www.ravenphpscripts.com
The URL for this story is:
https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=187