Key Information Summary

Vulnerability Type
User-level Authentication Bypass

Affected Software
- phpBB forum module in PhpNuke
- PhpNuke CMS versions 6.x-7.2

Vulnerability Description

SQL Injection:
- The code decodes in at lines 20-21, allowing it to potentially contain unescaped single quotes, leading to SQL injection.
- This vulnerability occurs during the user authentication process, specifically within the function, which handles SQL queries during login requests.

Exploitation Method

Crafting Malicious Requests:
- By creating a cookie containing the special string and encoding it with , an attacker can generate a malicious HTTP request.
- Example URL:

SQL Injection Exploitation:
- Exploiting the SQL injection vulnerability, attackers can construct queries to bypass authentication and retrieve information for any user.
- For example, by crafting a specific parameter, an attacker can log in as an administrator or any other user:
  - Base64 encoded:

Accessing Private Messages:
- Using a similar technique, attackers can access the private message list of any user by including a specific parameter in the private message access URL.
- Example URL:
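
The fix for the flaw described under "Vulnerability Description" is to treat the decoded cookie as untrusted input: validate it after decoding and keep it out of the SQL text. The following is an added example, not PhpNuke or phpBB code; the cookie layout, table, column and function names are all assumptions made for illustration.

```php
<?php
// Added example with hypothetical names; not PhpNuke or phpBB code.
// Assumed cookie layout for illustration: base64("uid:username:password_hash").

function parse_user_cookie(string $cookie): ?array
{
    // Strict mode rejects input containing characters outside the base64 alphabet.
    $raw = base64_decode($cookie, true);
    if ($raw === false) {
        return null;
    }
    $parts = explode(':', $raw);
    if (count($parts) !== 3) {
        return null;
    }
    [$uid, $name, $hash] = $parts;
    // Allow-list every field AFTER decoding: filters applied to the raw
    // cookie only ever see base64 text, never the quote it decodes to.
    if (!preg_match('/\A[0-9]{1,9}\z/', $uid)
        || !preg_match('/\A[A-Za-z0-9_-]{1,25}\z/', $name)
        || !preg_match('/\A[a-f0-9]{32,64}\z/', $hash)) {
        return null;
    }
    return ['uid' => (int) $uid, 'name' => $name, 'hash' => $hash];
}

function authenticate(PDO $db, string $cookie): ?int
{
    $c = parse_user_cookie($cookie);
    if ($c === null) {
        return null;
    }
    // Bound parameters keep the decoded values out of the SQL statement text.
    $st = $db->prepare('SELECT user_id, pass_hash FROM users WHERE user_id = ? AND username = ?');
    $st->execute([$c['uid'], $c['name']]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    // Constant-time comparison of the stored hash and the presented one.
    return ($row && hash_equals($row['pass_hash'], $c['hash'])) ? (int) $row['user_id'] : null;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER, username TEXT, pass_hash TEXT)');
$hash = hash('sha256', 'constructed-password');
$db->prepare('INSERT INTO users VALUES (2, ?, ?)')->execute(['alice', $hash]);
var_dump(authenticate($db, base64_encode("2:alice:$hash")));   // well-formed cookie
var_dump(authenticate($db, base64_encode("2:alice'x:$hash"))); // decoded value carries a single quote
```

The first call returns the user id; the second returns null because the decoded username fails the allow-list before any query runs.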