SQL Injection Vulnerability! Date: Sunday, February 08 @ 14:38:08 CET Topic: Security Sites are being exposed even as I write this! This is still in 7.0 and 7.1. Check your modules/Reviews/index.php file for the following code. There should be 2 instances. WHERE id=$id If you have it, then you MUST modify it to WHERE id='$id' . Otherwise your admin passwords can be exposed. They are still encrypted, but depending on how serious someone was to get them, they might! please note that Chatserv's Patches have this fix in them. An advisory to those using Nuke Cops PHP-Nuke Bundle, this has been fixed in 2003 already. This article comes from NukeCops http://www.nukecops.com The URL for this story is: http://www.nukecops.com/modules.php?name=News&file=article&sid=1560