SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter.