Downloads & Web Links vulnerability Patch Date: Thursday, October 09 @ 13:22:50 CEST Topic: Bug Fixes Recently a sql injection vulnerability has been reported that relates to the Downloads and Web Links modules where an admin account can be created by passing a sql line through the $cid variable, i have patched both modules not only to block this code to be passed through the $cid variable but on all similar variables as well, patch your websites. Download for PHP-Nuke 6.5-6.9 Download for PHP-Nuke 6.0 To those that already downloaded the patch please download again, another check was added. This article comes from NukeCops http://www.nukecops.com The URL for this story is: http://www.nukecops.com/modules.php?name=News&file=article&sid=796