PHP-Nuke 6.6 is susceptible to a SQL injection attack and leakage of password hashes (if MySQL 4.x is used) due to a lack of filtering in modules.php.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/31794/phpnuke66.txt
Source: https://packetstormsecurity.com/files/31794/phpnuke66.txt.html