
PHPNuke Category Parameter SQL Injection Vulnerability
Date: Sunday, February 15, 2004 @ 3:03 PM CST
Topic: Security Advisory
To patch your search module, find the /* Category Selection */ comment and, under it, add:
$category = intval($category);
and change:
$categ = "AND catid=$category ";
to:
$categ = "AND catid='$category' ";
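The effect of the two changes above, shown as an added example (not PHPNuke source and not part of the original advisory). The function names and the sample request values are hypothetical, constructed here to compare the query fragment before and after the patch.

```php
<?php
// Added illustration, not PHPNuke code. Function names are hypothetical.

// Fragment as it stood before the patch: the request value is
// interpolated into the SQL text exactly as it arrived.
function categ_unpatched($category): string
{
    return "AND catid=$category ";
}

// Fragment after the patch from this advisory: cast to integer first,
// then place the result inside single quotes.
function categ_patched($category): string
{
    $category = intval($category);
    return "AND catid='$category' ";
}

// Constructed sample values for the category parameter
// (not taken from real traffic).
$samples = ['7', '7 OR 1=1', "7' --", 'abc', ''];

foreach ($samples as $raw) {
    printf(
        "%-12s unpatched: %-22s patched: %s\n",
        var_export($raw, true),
        categ_unpatched($raw),
        categ_patched($raw)
    );
}
```

Because intval() always returns an integer, the patched fragment can only ever contain decimal digits (and an optional sign) between the quotes, whatever text the request carried.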