cpe:/a:php-nuke:downloads_module:8.0 CVE-2009-0302 2009-01-27T15:30:05.187-05:00 2017-08-07T21:33:52.767-04:00 4.6 NETWORK HIGH SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-01-28T10:36:00.000-05:00 ALLOWS_OTHER_ACCESS EXPLOIT-DB 18148 BUGTRAQ 20090123 PHP-Nuke 8.0 Downloads Blind Sql Injection BID 33410 BID 50770 OSVDB 51633 OSVDB 77349 XF downloads-module-sql-injection(48186) MISC http://1337day.com/exploits/15481 XF phpnuke-uri-sql-injection(71475) SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8.1.0.3.5b and earlier allows remote authenticated users to execute arbitrary SQL commands via the url parameter in the Add operation to modules.php.