PHP-Nuke 6.5 (Multiple Downloads Module) - SQL Injection

Author: Albert Puigsech Galicia
type: webapps
platform: php
port: 
date_added: 2003-05-13  
date_updated: 2012-11-10  
verified: 1  
codes: CVE-2003-1210;OSVDB-20206  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 22597.txt  

source: https://www.securityfocus.com/bid/7588/info

PHP-Nuke is reportedly prone to multiple SQL injection vulnerabilities in the Downloads module. Exploitation could allow for injection of malicious SQL syntax, resulting in modification of SQL query logic or other attacks.

http://www.example.com/modules.php?name=Downloads&d_op=getit&lid=2%20<our_code>

where <our_code> represents SQL code that can be injected.