PHPNuke Category Parameter SQL Injection Vulnerability

Posted on Sunday, February 15, 2004 @ 14:19:00 CST in Security
by chatserv

Patch your search module:
under /* Category Selection */
add:
$category = intval($category);
and change:
$categ = "AND catid=$category ";
to:
$categ = "AND catid='$category' ";
 
 
click Related        click Share
 
News ©

Site Info

Last SeenLast Seen
  • neralex
  • Raven
Server TrafficServer Traffic
  • Total: 571,025,942
  • Today: 45,329
Server InfoServer Info
  • Jul 19, 2026
  • 08:32 am CDT