PHPNuke Category Parameter SQL Injection Vulnerability

Posted on Sunday, February 15, 2004 @ 14:19:00 CST in Security
by chatserv

Patch your search module:
under /* Category Selection */
add:
$category = intval($category);
and change:
$categ = "AND catid=$category ";
to:
$categ = "AND catid='$category' ";
 
 
click Related        click Share
 
News ©

Site Info

Last SeenLast Seen
  • neralex
  • Raven
Server TrafficServer Traffic
  • Total: 570,935,141
  • Today: 79,442
Server InfoServer Info
  • Jul 18, 2026
  • 01:30 pm CDT