Security Hole!!
Date: Sunday, October 12 @ 18:58:38 CEST
Topic: Security


Anyone using PHP-Nuke's Downloads module should deactivate it and patch it! The patch is simple: open modules/Downloads/index.php in a text editor, find function viewdownload, and place $cid = intval($cid); right after the global line. There is a new attack that will list your site's admin account with aids and passwords if you do not use this patch.

You need to do the same thing in the function viewlink in modules/Web_Links/index.php. This is a quick fix, and I'm sure a better fix can be made, but this cures the problem for now.



Hi'ya and thanks for sharing. I'd like to bring this back to the public's attention to ensure this does not go untouched. For complete and enhanced details about the download patch, read the original Nuke Cops publication here. Patch away!
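
What the one-line intval() patch changes, shown as an added PHP example that is not PHP-Nuke's code or part of the original post. The table, column and function names are hypothetical, the inputs are constructed, and query_strict goes beyond the post's quick fix by rejecting non-digit input instead of coercing it.

```php
<?php
// Added illustration, not PHP-Nuke source. The table and column names and
// all three function names are hypothetical stand-ins for a query built
// from a request-supplied $cid.

// Before the patch: $cid reaches the SQL string exactly as the client sent it.
function query_unpatched($cid) {
    return "SELECT title FROM example_downloads WHERE cid=$cid";
}

// After the patch: the one-line fix from the post, applied before any use.
function query_patched($cid) {
    $cid = intval($cid);   // coerces to an integer; non-numeric text becomes 0
    return "SELECT title FROM example_downloads WHERE cid=$cid";
}

// Stricter variant (an assumption, not from the post): refuse the request
// instead of silently coercing it, so malformed ids are visible to the site.
function query_strict($cid) {
    if (!is_string($cid) || !ctype_digit($cid)) {
        return null;       // caller should answer with an error page
    }
    return query_patched($cid);
}

// Constructed inputs: a normal category id, then values carrying extra text.
$samples = array('7', '7 <extra SQL text>', '<extra SQL text>', '');

foreach ($samples as $cid) {
    printf("input:     %s\n", var_export($cid, true));
    printf("unpatched: %s\n", query_unpatched($cid));
    printf("patched:   %s\n", query_patched($cid));
    $strict = query_strict($cid);
    printf("strict:    %s\n\n", $strict === null ? '(rejected)' : $strict);
}
```

In the patched output the extra text never reaches the query string; only an integer does. The same coercion applies to the viewlink function named in the post.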



This article comes from NukeCops
http://www.nukecops.com

The URL for this story is:
http://www.nukecops.com/modules.php?name=News&file=article&sid=806