SQL Injection Vulnerability in PHP-Nuke Allows Remote Authentication Bypass

SQL Injection Vulnerability in PHP-Nuke Allows Remote Authentication Bypass

CVE-2004-1929 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

SQL injection vulnerability in the bblogin function in functions.php in PHP-Nuke 6.x through 7.2 allows remote attackers to bypass authentication and gain access by injecting base64-encoded SQL code into the user parameter.

Learn more about our User Device Pen Test.