hello there is three new php-nuke 6.0 sql injection vulnerabilities. unfortunatelly, these still isn't publically announced (thanks bugtraq..), but patches and description exists at this site: http://www.phpsecure.info/
at least one of this vulnerability is used for example by brazilian h4x0r called himself as 'freeck', which used it to propagate image with antiwar and '0wn3d' message. i believe, that this message will be useful for phpnuke admins.
pgp00000.pgp
Description: PGP signature
