Summary
In PHP-Nuke, the sql_layer.php script contains a debugging feature that may be used by attackers to disclose sensitive information about all SQL queries. Access to the debugging feature is not restricted to administrators.
Solution
Add '$sql_debug = 0
' in config.php.
Severity
Classification
-
CVE CVE-2002-2032 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities