Arbitrary SQL Operations Vulnerability in PHP-Nuke 5.x

Arbitrary SQL Operations Vulnerability in PHP-Nuke 5.x

CVE-2001-1025 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.