From ChatServ at Nuke Cops
Recently a sql injection vulnerability has been reported that relates to the Downloads and Web Links modules where an admin account can be created by passing a sql line through the $cid variable, i have patched both modules not only to block this code to be passed through the $cid variable but on all similar variables as well, patch your websites.
Download for PHP-Nuke 6.5-6.9
Download for PHP-Nuke 6.0
Admin Note:I have updated the v6.9 download pack, from this site, as of 10/9/2003 18:25 to include these patches.
These files have been updated since this message was posted! You need to download them again by clicking on the pertinent link above!!
Downloads & Web Links vulnerability PatchPosted on Thursday, October 09, 2003 @ 11:47:50 CDT in Security Associated Topics
  |
Related
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
