CVE-2006-0907 Information

Description

SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows remote attackers to execute arbitrary SQL commands via encoded /2a (/*) sequences in the query string which bypasses regular expressions that are intended to protect against SQL injection as demonstrated via the kala parameter.

Reference

http://www.securityfocus.com/archive/1/426083/100/0/threaded http://www.waraxe.us/advisory-47.html