CVE-2006-0908 Information

Description

PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL injection protection mechanisms via /2a (/*) sequences with the \ad_click\ word in the query string as demonstrated via the kala parameter.

Reference

http://securityreason.com/securityalert/497 http://www.securityfocus.com/archive/1/426083/100/0/threaded http://www.waraxe.us/advisory-47.html