Search criteria
65 vulnerabilities found for php-nuke by phpnuke
VAR-200412-1226
Vulnerability from variot - Updated: 2024-02-09 22:39Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php. It has been reported that PHP-Nuke is prone to a remote admin command execution vulnerability. This issue is due to a design error that allows an attacker to specify arbitrary URI values in bbCode tags contained within posts. This issue may be leveraged to force an admin user viewing a malicious post to perform some query to the affected application such as adding a user or removing arbitrary data from the database. PHP-Nuke is a popular website creation and management tool, it can use many database software as backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. There is a design error in PHP-Nuke's handling of the bbCode tag in POST, which can be exploited by remote attackers to execute remote management commands. PHP-Nuke uses bbCode tags to support images, HTML, etc., but the processing of any Image tags specified by users is incorrect, which can lead to the execution of arbitrary remote commands, such as attackers can submit malicious POST requests to add or delete users from the database
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200412-1226",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "php-nuke",
"scope": "gte",
"trust": 1.0,
"vendor": "phpnuke",
"version": "6.0"
},
{
"model": "php-nuke",
"scope": "lte",
"trust": 1.0,
"vendor": "phpnuke",
"version": "7.1"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.7"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.9"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "7.0"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.6"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.5_rc2"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.5_rc3"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.5_rc1"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "7.1"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.5_final"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "7.0_final"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "7.1"
},
{
"model": "burzi php-nuke final",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "7.0"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "7.0"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.9"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.7"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.6"
},
{
"model": "burzi php-nuke rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke final",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke beta",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.51"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.0"
}
],
"sources": [
{
"db": "BID",
"id": "9895"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-738"
},
{
"db": "NVD",
"id": "CVE-2004-1842"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1842"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Janek Vind\u203b come2waraxe@yahoo.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-738"
}
],
"trust": 0.6
},
"cve": "CVE-2004-1842",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-10271",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2004-1842",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-1842",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200412-738",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-10271",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2004-1842",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10271"
},
{
"db": "VULMON",
"id": "CVE-2004-1842"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-738"
},
{
"db": "NVD",
"id": "CVE-2004-1842"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php. It has been reported that PHP-Nuke is prone to a remote admin command execution vulnerability. This issue is due to a design error that allows an attacker to specify arbitrary URI values in bbCode tags contained within posts. \nThis issue may be leveraged to force an admin user viewing a malicious post to perform some query to the affected application such as adding a user or removing arbitrary data from the database. PHP-Nuke is a popular website creation and management tool, it can use many database software as backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. There is a design error in PHP-Nuke\u0027s handling of the bbCode tag in POST, which can be exploited by remote attackers to execute remote management commands. PHP-Nuke uses bbCode tags to support images, HTML, etc., but the processing of any Image tags specified by users is incorrect, which can lead to the execution of arbitrary remote commands, such as attackers can submit malicious POST requests to add or delete users from the database",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1842"
},
{
"db": "BID",
"id": "9895"
},
{
"db": "VULHUB",
"id": "VHN-10271"
},
{
"db": "VULMON",
"id": "CVE-2004-1842"
}
],
"trust": 1.35
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-10271",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=23835",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10271"
},
{
"db": "VULMON",
"id": "CVE-2004-1842"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "9895",
"trust": 2.1
},
{
"db": "SECUNIA",
"id": "11195",
"trust": 1.8
},
{
"db": "NVD",
"id": "CVE-2004-1842",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-200412-738",
"trust": 0.7
},
{
"db": "XF",
"id": "15596",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "6194",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20040322 [WARAXE-2004-SA#008 - EASY WAY TO GET SUPERADMIN RIGHTS IN PHPNUKE 6.X-7.1.0]",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "23835",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-77580",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-10271",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2004-1842",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10271"
},
{
"db": "VULMON",
"id": "CVE-2004-1842"
},
{
"db": "BID",
"id": "9895"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-738"
},
{
"db": "NVD",
"id": "CVE-2004-1842"
}
]
},
"id": "VAR-200412-1226",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-10271"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-09T22:39:13.083000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "",
"trust": 0.1,
"url": "https://github.com/faizhaffizudin/case-study-hamsa "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2004-1842"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1842"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/9895"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/11195"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15596"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=108006309112075\u0026w=2"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/15596"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=108006309112075\u0026w=2"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/6194"
},
{
"trust": 0.3,
"url": "http://www.irannuke.com/"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=108006309112075\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/23835/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10271"
},
{
"db": "VULMON",
"id": "CVE-2004-1842"
},
{
"db": "BID",
"id": "9895"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-738"
},
{
"db": "NVD",
"id": "CVE-2004-1842"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-10271"
},
{
"db": "VULMON",
"id": "CVE-2004-1842"
},
{
"db": "BID",
"id": "9895"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-738"
},
{
"db": "NVD",
"id": "CVE-2004-1842"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-10271"
},
{
"date": "2004-12-31T00:00:00",
"db": "VULMON",
"id": "CVE-2004-1842"
},
{
"date": "2004-03-16T00:00:00",
"db": "BID",
"id": "9895"
},
{
"date": "2004-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-738"
},
{
"date": "2004-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2004-1842"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-10271"
},
{
"date": "2017-07-11T00:00:00",
"db": "VULMON",
"id": "CVE-2004-1842"
},
{
"date": "2004-03-16T00:00:00",
"db": "BID",
"id": "9895"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-738"
},
{
"date": "2024-02-08T20:46:14.233000",
"db": "NVD",
"id": "CVE-2004-1842"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-738"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PHP-Nuke Image Tag management command execution vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-738"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-738"
}
],
"trust": 0.6
}
}
VAR-200505-1008
Vulnerability from variot - Updated: 2023-12-18 12:40PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message. PHP-Nuke is prone to a information disclosure vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200505-1008",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "php-nuke",
"scope": "gte",
"trust": 1.0,
"vendor": "phpnuke",
"version": "6.0"
},
{
"model": "php-nuke",
"scope": "lte",
"trust": 1.0,
"vendor": "phpnuke",
"version": "7.6"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.7"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.9"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "7.4"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.6"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.5_rc2"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.5_rc3"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.5_rc1"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.5_beta1"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "7.6"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.5_final"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "7.6"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "7.5"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "7.4"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "7.3"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "7.2"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "7.1"
},
{
"model": "burzi php-nuke final",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "7.0"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "7.0"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.9"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.7"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.6"
},
{
"model": "burzi php-nuke rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke final",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.0"
}
],
"sources": [
{
"db": "BID",
"id": "90112"
},
{
"db": "NVD",
"id": "CVE-2005-1028"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-172"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.6",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1028"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "90112"
}
],
"trust": 0.3
},
"cve": "CVE-2005-1028",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-12237",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-1028",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200505-172",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-12237",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12237"
},
{
"db": "NVD",
"id": "CVE-2005-1028"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-172"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message. PHP-Nuke is prone to a information disclosure vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1028"
},
{
"db": "BID",
"id": "90112"
},
{
"db": "VULHUB",
"id": "VHN-12237"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-1028",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200505-172",
"trust": 0.7
},
{
"db": "BID",
"id": "90112",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-12237",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12237"
},
{
"db": "BID",
"id": "90112"
},
{
"db": "NVD",
"id": "CVE-2005-1028"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-172"
}
]
},
"id": "VAR-200505-1008",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-12237"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:40:23.269000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12237"
},
{
"db": "NVD",
"id": "CVE-2005-1028"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=111272010303144\u0026w=2"
},
{
"trust": 0.3,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=111272010303144\u0026w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=111272010303144\u0026amp;w=2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12237"
},
{
"db": "BID",
"id": "90112"
},
{
"db": "NVD",
"id": "CVE-2005-1028"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-172"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-12237"
},
{
"db": "BID",
"id": "90112"
},
{
"db": "NVD",
"id": "CVE-2005-1028"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-172"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-05-02T00:00:00",
"db": "VULHUB",
"id": "VHN-12237"
},
{
"date": "2005-05-02T00:00:00",
"db": "BID",
"id": "90112"
},
{
"date": "2005-05-02T04:00:00",
"db": "NVD",
"id": "CVE-2005-1028"
},
{
"date": "2005-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-172"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-16T00:00:00",
"db": "VULHUB",
"id": "VHN-12237"
},
{
"date": "2005-05-02T00:00:00",
"db": "BID",
"id": "90112"
},
{
"date": "2019-07-16T12:20:01.417000",
"db": "NVD",
"id": "CVE-2005-1028"
},
{
"date": "2019-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-172"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-172"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PHP-Nuke Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-172"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-172"
}
],
"trust": 0.6
}
}
FKIE_CVE-2021-30177
Vulnerability from fkie_nvd - Published: 2021-04-07 11:15 - Updated: 2024-11-21 06:03
Severity ?
Summary
There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://gist.github.com/stacksmasher007/41e946fc9a5a2f0b6950626cc9d43d47 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/stacksmasher007/41e946fc9a5a2f0b6950626cc9d43d47 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C8792184-8092-4443-B532-DA3D7139A942",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de inyecci\u00f3n SQL en PHP-Nuke versi\u00f3n 8.3.3, en la secci\u00f3n User Registration, que conlleva a una ejecuci\u00f3n de c\u00f3digo remota.\u0026#xa0;Esto ocurre porque el estado de U.S. no est\u00e1 comprobado para tener dos letras y el campo OrderBy no est\u00e1 comprobado para ser uno de LASTNAME, CITY, o STATE"
}
],
"id": "CVE-2021-30177",
"lastModified": "2024-11-21T06:03:27.930",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-07T11:15:12.293",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/stacksmasher007/41e946fc9a5a2f0b6950626cc9d43d47"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/stacksmasher007/41e946fc9a5a2f0b6950626cc9d43d47"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-3934
Vulnerability from fkie_nvd - Published: 2014-06-02 14:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpnuke | php-nuke | 8.3 | |
| phpnuke | submit_news_module | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5D174CC8-E370-4CE7-ABCF-E6D1EAF8F261",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:submit_news_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77AA5278-4420-4255-8084-B9D5502306A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en el m\u00f3dulo Submit_News para PHP-Nuke 8.3 permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro topics[] hacia modules.php."
}
],
"id": "CVE-2014-3934",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-02T14:55:04.043",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/126803/phpnuke83news-sql.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/67656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/126803/phpnuke83news-sql.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/67656"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-5083
Vulnerability from fkie_nvd - Published: 2012-02-14 20:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpnuke | php-nuke | 8.0 | |
| phpnuke | web_links_module | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D4DB1D99-9F35-43A2-AD72-4B495B5F31BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:web_links_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9401BAC9-6D36-442E-9877-4708A8FBD75C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n de comandos SQL en el m\u00f3dulo Web_Links para PHP-Nuke v8.0, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro url en una acci\u00f3n Add en modules.php"
}
],
"id": "CVE-2010-5083",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-02-14T20:55:02.300",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/14589"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.itsecteam.com/en/vulnerabilities/vulnerability58.htm"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/14589"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.itsecteam.com/en/vulnerabilities/vulnerability58.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61012"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-3784
Vulnerability from fkie_nvd - Published: 2011-09-24 00:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D4DB1D99-9F35-43A2-AD72-4B495B5F31BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files."
},
{
"lang": "es",
"value": "Francisco Burzi PHP-Nuke v8.0 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n directa a un archivo .php, lo que revela la ruta de instalaci\u00f3n en un mensaje de error, como se demostr\u00f3 con themes/Odyssey/theme.php y algunos otros archivos."
}
],
"id": "CVE-2011-3784",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-09-24T00:55:02.597",
"references": [
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PHP-Nuke-8.0"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PHP-Nuke-8.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-1480
Vulnerability from fkie_nvd - Published: 2011-06-21 02:52 - Updated: 2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpnuke | php-nuke | * | |
| phpnuke | php-nuke | 5.0 | |
| phpnuke | php-nuke | 5.0.1 | |
| phpnuke | php-nuke | 5.1 | |
| phpnuke | php-nuke | 5.2 | |
| phpnuke | php-nuke | 5.3 | |
| phpnuke | php-nuke | 5.3.1 | |
| phpnuke | php-nuke | 5.4 | |
| phpnuke | php-nuke | 5.5 | |
| phpnuke | php-nuke | 5.6 | |
| phpnuke | php-nuke | 6.0 | |
| phpnuke | php-nuke | 6.5 | |
| phpnuke | php-nuke | 6.6 | |
| phpnuke | php-nuke | 6.7 | |
| phpnuke | php-nuke | 6.8 | |
| phpnuke | php-nuke | 6.9 | |
| phpnuke | php-nuke | 7.0 | |
| phpnuke | php-nuke | 7.1 | |
| phpnuke | php-nuke | 7.2 | |
| phpnuke | php-nuke | 7.3 | |
| phpnuke | php-nuke | 7.4 | |
| phpnuke | php-nuke | 7.5 | |
| phpnuke | php-nuke | 7.6 | |
| phpnuke | php-nuke | 7.7 | |
| phpnuke | php-nuke | 7.8 | |
| phpnuke | php-nuke | 7.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2A43B27-19D2-4118-B80E-8E225C34BFB1",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3CA1307E-34B7-4BC1-BBA8-59347330B714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE7B61B-172B-499A-B7E9-BA6EF4BEADCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1BF21F07-5A08-45BE-BB72-4B48017B76FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C4065BB3-A189-4D68-A514-7160C532629A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D18BDCD3-C7E8-4D73-BA36-3A4D245DBE05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "31A013B9-9A29-4CBE-A6AE-DC83F34BB367",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2831357B-2252-458A-9ED9-40AE0831FE93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9FDA9804-C61A-4172-B3B3-B2E8AC0D4B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F42BD4C3-71D7-48E2-B3A4-7B1975982D5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34D84C9E-B703-4285-BE2E-CBF17BA28C02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EDEA81E1-E9E9-45F6-8C61-D496888451E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D294C7-FBE3-4D3A-A497-29C3EF6615DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "99F22ADA-E201-44CE-8EE9-FEB4170E16C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D714A77C-1771-4648-A68C-D34477B57AD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A365BB29-7E19-42E6-AA70-7951F939C92E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D5E8572B-43BE-4068-929F-2B6FAA9EF959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F8882C59-6721-4925-8EB6-1C54455BD03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8C6F6110-F77B-42CE-BAD0-0AEAFC04E982",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "017A5AD3-CD1C-41E0-B53D-3881C31F7463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "68BA9153-537A-4CC5-A3E8-DE4FCF49EB52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C7481433-4DFA-4D32-BA93-FBEAC37D8D67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "85535C0D-C858-4AF8-8350-EFBF74609CBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7CC4F979-7F10-4F0D-96AD-5EE88E437897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3B4A35-6019-468E-89FA-BC2EEADB7D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "575CFD4C-90CB-4D38-94F9-3D7915B2F054",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en admin.php en la zona de administraci\u00f3n de Francisco Burzi PHP-Nuke v8.0 y anteriores, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro chng_uid.\r\n"
}
],
"id": "CVE-2011-1480",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-06-21T02:52:42.513",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/7"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/6"
},
{
"source": "secalert@redhat.com",
"url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_sql_injection"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_sql_injection"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-1482
Vulnerability from fkie_nvd - Published: 2011-06-21 02:52 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a Referer check that uses a substring comparison.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpnuke | php-nuke | * | |
| phpnuke | php-nuke | 5.0 | |
| phpnuke | php-nuke | 5.0.1 | |
| phpnuke | php-nuke | 5.1 | |
| phpnuke | php-nuke | 5.2 | |
| phpnuke | php-nuke | 5.3 | |
| phpnuke | php-nuke | 5.3.1 | |
| phpnuke | php-nuke | 5.4 | |
| phpnuke | php-nuke | 5.5 | |
| phpnuke | php-nuke | 5.6 | |
| phpnuke | php-nuke | 6.0 | |
| phpnuke | php-nuke | 6.5 | |
| phpnuke | php-nuke | 6.6 | |
| phpnuke | php-nuke | 6.7 | |
| phpnuke | php-nuke | 6.8 | |
| phpnuke | php-nuke | 6.9 | |
| phpnuke | php-nuke | 7.0 | |
| phpnuke | php-nuke | 7.1 | |
| phpnuke | php-nuke | 7.2 | |
| phpnuke | php-nuke | 7.3 | |
| phpnuke | php-nuke | 7.4 | |
| phpnuke | php-nuke | 7.5 | |
| phpnuke | php-nuke | 7.6 | |
| phpnuke | php-nuke | 7.7 | |
| phpnuke | php-nuke | 7.8 | |
| phpnuke | php-nuke | 7.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2A43B27-19D2-4118-B80E-8E225C34BFB1",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3CA1307E-34B7-4BC1-BBA8-59347330B714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE7B61B-172B-499A-B7E9-BA6EF4BEADCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1BF21F07-5A08-45BE-BB72-4B48017B76FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C4065BB3-A189-4D68-A514-7160C532629A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D18BDCD3-C7E8-4D73-BA36-3A4D245DBE05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "31A013B9-9A29-4CBE-A6AE-DC83F34BB367",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2831357B-2252-458A-9ED9-40AE0831FE93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9FDA9804-C61A-4172-B3B3-B2E8AC0D4B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F42BD4C3-71D7-48E2-B3A4-7B1975982D5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34D84C9E-B703-4285-BE2E-CBF17BA28C02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EDEA81E1-E9E9-45F6-8C61-D496888451E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D294C7-FBE3-4D3A-A497-29C3EF6615DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "99F22ADA-E201-44CE-8EE9-FEB4170E16C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D714A77C-1771-4648-A68C-D34477B57AD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A365BB29-7E19-42E6-AA70-7951F939C92E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D5E8572B-43BE-4068-929F-2B6FAA9EF959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F8882C59-6721-4925-8EB6-1C54455BD03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8C6F6110-F77B-42CE-BAD0-0AEAFC04E982",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "017A5AD3-CD1C-41E0-B53D-3881C31F7463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "68BA9153-537A-4CC5-A3E8-DE4FCF49EB52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C7481433-4DFA-4D32-BA93-FBEAC37D8D67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "85535C0D-C858-4AF8-8350-EFBF74609CBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7CC4F979-7F10-4F0D-96AD-5EE88E437897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3B4A35-6019-468E-89FA-BC2EEADB7D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "575CFD4C-90CB-4D38-94F9-3D7915B2F054",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a Referer check that uses a substring comparison."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en mainfile.php en Francisco Burzi PHP-Nuke v8.0 , permite a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores para (1)agregar cuentas de usuario o (2) la concesi\u00f3n de privilegios de administrador a una cuenta de usuario, relacionado con una comprobaci\u00f3n de Referer que utiliza una comparaci\u00f3n de subcadenas. .\r\n"
}
],
"id": "CVE-2011-1482",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-06-21T02:52:42.593",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/9"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/8"
},
{
"source": "secalert@redhat.com",
"url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_cross_site_request_forgery"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_cross_site_request_forgery"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-1481
Vulnerability from fkie_nvd - Published: 2011-06-21 02:52 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sender_name or (2) sender_email parameter in a Feedback action to modules.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpnuke | php-nuke | * | |
| phpnuke | php-nuke | 5.0 | |
| phpnuke | php-nuke | 5.0.1 | |
| phpnuke | php-nuke | 5.1 | |
| phpnuke | php-nuke | 5.2 | |
| phpnuke | php-nuke | 5.3 | |
| phpnuke | php-nuke | 5.3.1 | |
| phpnuke | php-nuke | 5.4 | |
| phpnuke | php-nuke | 5.5 | |
| phpnuke | php-nuke | 5.6 | |
| phpnuke | php-nuke | 6.0 | |
| phpnuke | php-nuke | 6.5 | |
| phpnuke | php-nuke | 6.6 | |
| phpnuke | php-nuke | 6.7 | |
| phpnuke | php-nuke | 6.8 | |
| phpnuke | php-nuke | 6.9 | |
| phpnuke | php-nuke | 7.0 | |
| phpnuke | php-nuke | 7.1 | |
| phpnuke | php-nuke | 7.2 | |
| phpnuke | php-nuke | 7.3 | |
| phpnuke | php-nuke | 7.4 | |
| phpnuke | php-nuke | 7.5 | |
| phpnuke | php-nuke | 7.6 | |
| phpnuke | php-nuke | 7.7 | |
| phpnuke | php-nuke | 7.8 | |
| phpnuke | php-nuke | 7.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2A43B27-19D2-4118-B80E-8E225C34BFB1",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3CA1307E-34B7-4BC1-BBA8-59347330B714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE7B61B-172B-499A-B7E9-BA6EF4BEADCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1BF21F07-5A08-45BE-BB72-4B48017B76FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C4065BB3-A189-4D68-A514-7160C532629A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D18BDCD3-C7E8-4D73-BA36-3A4D245DBE05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "31A013B9-9A29-4CBE-A6AE-DC83F34BB367",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2831357B-2252-458A-9ED9-40AE0831FE93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9FDA9804-C61A-4172-B3B3-B2E8AC0D4B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F42BD4C3-71D7-48E2-B3A4-7B1975982D5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34D84C9E-B703-4285-BE2E-CBF17BA28C02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EDEA81E1-E9E9-45F6-8C61-D496888451E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D294C7-FBE3-4D3A-A497-29C3EF6615DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "99F22ADA-E201-44CE-8EE9-FEB4170E16C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D714A77C-1771-4648-A68C-D34477B57AD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A365BB29-7E19-42E6-AA70-7951F939C92E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D5E8572B-43BE-4068-929F-2B6FAA9EF959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F8882C59-6721-4925-8EB6-1C54455BD03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8C6F6110-F77B-42CE-BAD0-0AEAFC04E982",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "017A5AD3-CD1C-41E0-B53D-3881C31F7463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "68BA9153-537A-4CC5-A3E8-DE4FCF49EB52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C7481433-4DFA-4D32-BA93-FBEAC37D8D67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "85535C0D-C858-4AF8-8350-EFBF74609CBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7CC4F979-7F10-4F0D-96AD-5EE88E437897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3B4A35-6019-468E-89FA-BC2EEADB7D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "575CFD4C-90CB-4D38-94F9-3D7915B2F054",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sender_name or (2) sender_email parameter in a Feedback action to modules.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Francisco Burzi PHP-Nuke v8.0 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro a (1)sender_name o (2)sender_email en la acci\u00f3n Feedback en modules.php.\r\n"
}
],
"id": "CVE-2011-1481",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-06-21T02:52:42.547",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/8"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/7"
},
{
"source": "secalert@redhat.com",
"url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_cross_site_scripting"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_cross_site_scripting"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-1842
Vulnerability from fkie_nvd - Published: 2009-06-01 14:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D4DB1D99-9F35-43A2-AD72-4B495B5F31BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en main/tracking/userLog.php en Francisco Burzi PHP-Nuke v8.0 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante la cabecera \"HTTP Referer\"."
}
],
"id": "CVE-2009-1842",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-06-01T14:30:00.280",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/35117"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/35117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50818"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-6728
Vulnerability from fkie_nvd - Published: 2009-04-20 14:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpnuke | php-nuke | * | |
| phpnuke | php-nuke | 5.0 | |
| phpnuke | php-nuke | 5.0.1 | |
| phpnuke | php-nuke | 5.1 | |
| phpnuke | php-nuke | 5.2 | |
| phpnuke | php-nuke | 5.3 | |
| phpnuke | php-nuke | 5.3.1 | |
| phpnuke | php-nuke | 5.4 | |
| phpnuke | php-nuke | 5.5 | |
| phpnuke | php-nuke | 5.6 | |
| phpnuke | php-nuke | 6.0 | |
| phpnuke | php-nuke | 6.5 | |
| phpnuke | php-nuke | 6.6 | |
| phpnuke | php-nuke | 6.7 | |
| phpnuke | php-nuke | 6.8 | |
| phpnuke | php-nuke | 6.9 | |
| phpnuke | php-nuke | 7.0 | |
| phpnuke | php-nuke | 7.1 | |
| phpnuke | php-nuke | 7.2 | |
| phpnuke | php-nuke | 7.3 | |
| phpnuke | php-nuke | 7.4 | |
| phpnuke | php-nuke | 7.5 | |
| phpnuke | php-nuke | 7.6 | |
| phpnuke | php-nuke | 7.7 | |
| phpnuke | php-nuke | 7.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BC56275-9F65-43B6-A091-68FB42968C2C",
"versionEndIncluding": "7.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3CA1307E-34B7-4BC1-BBA8-59347330B714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE7B61B-172B-499A-B7E9-BA6EF4BEADCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1BF21F07-5A08-45BE-BB72-4B48017B76FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C4065BB3-A189-4D68-A514-7160C532629A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D18BDCD3-C7E8-4D73-BA36-3A4D245DBE05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "31A013B9-9A29-4CBE-A6AE-DC83F34BB367",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2831357B-2252-458A-9ED9-40AE0831FE93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9FDA9804-C61A-4172-B3B3-B2E8AC0D4B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F42BD4C3-71D7-48E2-B3A4-7B1975982D5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34D84C9E-B703-4285-BE2E-CBF17BA28C02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EDEA81E1-E9E9-45F6-8C61-D496888451E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D294C7-FBE3-4D3A-A497-29C3EF6615DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "99F22ADA-E201-44CE-8EE9-FEB4170E16C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D714A77C-1771-4648-A68C-D34477B57AD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A365BB29-7E19-42E6-AA70-7951F939C92E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D5E8572B-43BE-4068-929F-2B6FAA9EF959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F8882C59-6721-4925-8EB6-1C54455BD03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8C6F6110-F77B-42CE-BAD0-0AEAFC04E982",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "017A5AD3-CD1C-41E0-B53D-3881C31F7463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "68BA9153-537A-4CC5-A3E8-DE4FCF49EB52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C7481433-4DFA-4D32-BA93-FBEAC37D8D67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "85535C0D-C858-4AF8-8350-EFBF74609CBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7CC4F979-7F10-4F0D-96AD-5EE88E437897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3B4A35-6019-468E-89FA-BC2EEADB7D31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en el modulo \"Sections\" de PHP-Nuke probablemente en versiones anteriores a v8.0. Permite a usuarios remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"artid\" de una acci\u00f3n printpage solicitada a modules.php."
}
],
"id": "CVE-2008-6728",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-20T14:30:00.360",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://marc.info/?l=bugtraq\u0026m=123073887531700\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/52033"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/499656/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://marc.info/?l=bugtraq\u0026m=123073887531700\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/52033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/499656/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-2020
Vulnerability from fkie_nvd - Published: 2008-04-30 01:07 - Updated: 2025-04-09 00:30
Severity ?
Summary
The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| e107 | e107 | 0.7.11 | |
| labgab | labgab | 1.1 | |
| my123tkshop | e-commerce-suite | 0.9.1 | |
| opendb | opendb | 1.5.0 | |
| phpmybittorrent | phpmybittorrent | 1.2.2 | |
| phpnuke | php-nuke | 7.0 | |
| phpnuke | php-nuke | 8.1 | |
| torrentflux_project | torrentflux | 2.3 | |
| webze | webze | 0.5.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:e107:e107:0.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5C62F8AD-EA30-441E-B97F-EF8DE640DC1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:labgab:labgab:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3310461-272D-43C7-A8AA-589A7254FEF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:my123tkshop:e-commerce-suite:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ADC59E14-E4F7-4E9F-BE4E-98CD5797B45E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opendb:opendb:1.5.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "0D1D7CD9-80EA-4D43-AB3A-BF833DB9F144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmybittorrent:phpmybittorrent:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "20B593A2-9634-4AA0-8D63-CECA6391BEED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D5E8572B-43BE-4068-929F-2B6FAA9EF959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpnuke:php-nuke:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8442671-45B5-48F6-905F-41A8FD3BF301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:torrentflux_project:torrentflux:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B86EC9-2E6B-4BDE-B131-8BD82500D041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webze:webze:0.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2AA1E599-AC63-40AA-A3B9-6585CDABFFE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings."
},
{
"lang": "es",
"value": "La implementaci\u00f3n CAPTCHA como se utiliza en (1) Francisco Burzi PHP-Nuke 7.0 y 8.1, (2) my123tkShop e-Commerce-Suite (tambi\u00e9n conocido como 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (tambi\u00e9n conocido como OpenDb) 1.5.0b4, y (8) Labgab 1.1; utiliza una imagen de fondo code_bg.jpg y la funci\u00f3n de PHP ImageString de una forma que no produce un n\u00famero suficiente de im\u00e1genes diferentes; esto permite a atacantes remotos pasar el test CAPTCHA mediante un ataque autom\u00e1tico utilizando una tabla con todas las sumas de validaci\u00f3n (checksum) de im\u00e1genes posibles y sus cadenas de d\u00edgitos correspondientes."
}
],
"id": "CVE-2008-2020",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2008-04-30T01:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://securityreason.com/securityalert/3834"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.rooksecurity.com/blog/?p=6"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/491127/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/28877"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://securityreason.com/securityalert/3834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.rooksecurity.com/blog/?p=6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/491127/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/28877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42152"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-30177 (GCVE-0-2021-30177)
Vulnerability from cvelistv5 – Published: 2021-04-07 10:48 – Updated: 2024-08-03 22:24
VLAI?
Summary
There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:24:59.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/stacksmasher007/41e946fc9a5a2f0b6950626cc9d43d47"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-07T10:48:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/stacksmasher007/41e946fc9a5a2f0b6950626cc9d43d47"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-30177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/stacksmasher007/41e946fc9a5a2f0b6950626cc9d43d47",
"refsource": "MISC",
"url": "https://gist.github.com/stacksmasher007/41e946fc9a5a2f0b6950626cc9d43d47"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-30177",
"datePublished": "2021-04-07T10:48:16",
"dateReserved": "2021-04-06T00:00:00",
"dateUpdated": "2024-08-03T22:24:59.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3934 (GCVE-0-2014-3934)
Vulnerability from cvelistv5 – Published: 2014-06-02 14:00 – Updated: 2024-09-17 03:28
VLAI?
Summary
SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:18.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/126803/phpnuke83news-sql.txt"
},
{
"name": "67656",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67656"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-02T14:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/126803/phpnuke83news-sql.txt"
},
{
"name": "67656",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67656"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/126803/phpnuke83news-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126803/phpnuke83news-sql.txt"
},
{
"name": "67656",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67656"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3934",
"datePublished": "2014-06-02T14:00:00Z",
"dateReserved": "2014-06-02T00:00:00Z",
"dateUpdated": "2024-09-17T03:28:04.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5083 (GCVE-0-2010-5083)
Vulnerability from cvelistv5 – Published: 2012-02-14 20:00 – Updated: 2024-08-07 04:09
VLAI?
Summary
SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.722Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14589",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/14589"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.itsecteam.com/en/vulnerabilities/vulnerability58.htm"
},
{
"name": "phpnuke-weblinks-url-sql-injection(61012)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61012"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14589",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/14589"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.itsecteam.com/en/vulnerabilities/vulnerability58.htm"
},
{
"name": "phpnuke-weblinks-url-sql-injection(61012)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61012"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14589",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14589"
},
{
"name": "http://www.itsecteam.com/en/vulnerabilities/vulnerability58.htm",
"refsource": "MISC",
"url": "http://www.itsecteam.com/en/vulnerabilities/vulnerability58.htm"
},
{
"name": "phpnuke-weblinks-url-sql-injection(61012)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61012"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5083",
"datePublished": "2012-02-14T20:00:00",
"dateReserved": "2012-02-14T00:00:00",
"dateUpdated": "2024-08-07T04:09:38.722Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3784 (GCVE-0-2011-3784)
Vulnerability from cvelistv5 – Published: 2011-09-24 00:00 – Updated: 2024-09-16 20:02
VLAI?
Summary
Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:46:03.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PHP-Nuke-8.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-24T00:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PHP-Nuke-8.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PHP-Nuke-8.0",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PHP-Nuke-8.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3784",
"datePublished": "2011-09-24T00:00:00Z",
"dateReserved": "2011-09-23T00:00:00Z",
"dateUpdated": "2024-09-16T20:02:50.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1481 (GCVE-0-2011-1481)
Vulnerability from cvelistv5 – Published: 2011-06-21 01:00 – Updated: 2024-09-16 23:51
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sender_name or (2) sender_email parameter in a Feedback action to modules.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/8"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_cross_site_scripting"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sender_name or (2) sender_email parameter in a Feedback action to modules.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-06-21T01:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/8"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_cross_site_scripting"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sender_name or (2) sender_email parameter in a Feedback action to modules.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= Cross Site Scripting Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/8"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= Cross Site Scripting Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/7"
},
{
"name": "http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_cross_site_scripting",
"refsource": "MISC",
"url": "http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_cross_site_scripting"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1481",
"datePublished": "2011-06-21T01:00:00Z",
"dateReserved": "2011-03-21T00:00:00Z",
"dateUpdated": "2024-09-16T23:51:16.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1480 (GCVE-0-2011-1480)
Vulnerability from cvelistv5 – Published: 2011-06-21 01:00 – Updated: 2024-09-17 02:36
VLAI?
Summary
SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= \"chng_uid\" Blind SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/7"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= \"chng_uid\" Blind SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_sql_injection"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-06-21T01:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= \"chng_uid\" Blind SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/7"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= \"chng_uid\" Blind SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_sql_injection"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= \"chng_uid\" Blind SQL Injection Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/7"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= \"chng_uid\" Blind SQL Injection Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/6"
},
{
"name": "http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_sql_injection",
"refsource": "MISC",
"url": "http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_sql_injection"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1480",
"datePublished": "2011-06-21T01:00:00Z",
"dateReserved": "2011-03-21T00:00:00Z",
"dateUpdated": "2024-09-17T02:36:14.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1482 (GCVE-0-2011-1482)
Vulnerability from cvelistv5 – Published: 2011-06-21 01:00 – Updated: 2024-09-16 20:47
VLAI?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a Referer check that uses a substring comparison.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_cross_site_request_forgery"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/8"
},
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a Referer check that uses a substring comparison."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-06-21T01:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_cross_site_request_forgery"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/8"
},
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a Referer check that uses a substring comparison."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_cross_site_request_forgery",
"refsource": "MISC",
"url": "http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_cross_site_request_forgery"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/8"
},
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1482",
"datePublished": "2011-06-21T01:00:00Z",
"dateReserved": "2011-03-21T00:00:00Z",
"dateUpdated": "2024-09-16T20:47:40.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1842 (GCVE-0-2009-1842)
Vulnerability from cvelistv5 – Published: 2009-06-01 14:00 – Updated: 2024-08-07 05:27
VLAI?
Summary
SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35117",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35117"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html"
},
{
"name": "phpnuke-userlog-sql-injection(50818)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50818"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35117",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35117"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html"
},
{
"name": "phpnuke-userlog-sql-injection(50818)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50818"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1842",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35117",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35117"
},
{
"name": "http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html",
"refsource": "MISC",
"url": "http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html"
},
{
"name": "phpnuke-userlog-sql-injection(50818)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50818"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1842",
"datePublished": "2009-06-01T14:00:00",
"dateReserved": "2009-06-01T00:00:00",
"dateUpdated": "2024-08-07T05:27:54.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6728 (GCVE-0-2008-6728)
Vulnerability from cvelistv5 – Published: 2009-04-20 14:06 – Updated: 2024-08-07 11:41
VLAI?
Summary
SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20081230 php-nuke 8.0 module sections artid blind sql inj vuln.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/499656/100/0/threaded"
},
{
"name": "52033",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/52033"
},
{
"name": "20081230 Re: php-nuke 8.0 module sections artid blind sql inj vuln.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=123073887531700\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20081230 php-nuke 8.0 module sections artid blind sql inj vuln.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/499656/100/0/threaded"
},
{
"name": "52033",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/52033"
},
{
"name": "20081230 Re: php-nuke 8.0 module sections artid blind sql inj vuln.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=123073887531700\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20081230 php-nuke 8.0 module sections artid blind sql inj vuln.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499656/100/0/threaded"
},
{
"name": "52033",
"refsource": "OSVDB",
"url": "http://osvdb.org/52033"
},
{
"name": "20081230 Re: php-nuke 8.0 module sections artid blind sql inj vuln.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=123073887531700\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6728",
"datePublished": "2009-04-20T14:06:00",
"dateReserved": "2009-04-20T00:00:00",
"dateUpdated": "2024-08-07T11:41:59.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-30177 (GCVE-0-2021-30177)
Vulnerability from nvd – Published: 2021-04-07 10:48 – Updated: 2024-08-03 22:24
VLAI?
Summary
There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:24:59.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/stacksmasher007/41e946fc9a5a2f0b6950626cc9d43d47"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-07T10:48:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/stacksmasher007/41e946fc9a5a2f0b6950626cc9d43d47"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-30177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/stacksmasher007/41e946fc9a5a2f0b6950626cc9d43d47",
"refsource": "MISC",
"url": "https://gist.github.com/stacksmasher007/41e946fc9a5a2f0b6950626cc9d43d47"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-30177",
"datePublished": "2021-04-07T10:48:16",
"dateReserved": "2021-04-06T00:00:00",
"dateUpdated": "2024-08-03T22:24:59.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3934 (GCVE-0-2014-3934)
Vulnerability from nvd – Published: 2014-06-02 14:00 – Updated: 2024-09-17 03:28
VLAI?
Summary
SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:18.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/126803/phpnuke83news-sql.txt"
},
{
"name": "67656",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67656"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-02T14:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/126803/phpnuke83news-sql.txt"
},
{
"name": "67656",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67656"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/126803/phpnuke83news-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126803/phpnuke83news-sql.txt"
},
{
"name": "67656",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67656"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3934",
"datePublished": "2014-06-02T14:00:00Z",
"dateReserved": "2014-06-02T00:00:00Z",
"dateUpdated": "2024-09-17T03:28:04.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5083 (GCVE-0-2010-5083)
Vulnerability from nvd – Published: 2012-02-14 20:00 – Updated: 2024-08-07 04:09
VLAI?
Summary
SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.722Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14589",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/14589"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.itsecteam.com/en/vulnerabilities/vulnerability58.htm"
},
{
"name": "phpnuke-weblinks-url-sql-injection(61012)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61012"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14589",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/14589"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.itsecteam.com/en/vulnerabilities/vulnerability58.htm"
},
{
"name": "phpnuke-weblinks-url-sql-injection(61012)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61012"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14589",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14589"
},
{
"name": "http://www.itsecteam.com/en/vulnerabilities/vulnerability58.htm",
"refsource": "MISC",
"url": "http://www.itsecteam.com/en/vulnerabilities/vulnerability58.htm"
},
{
"name": "phpnuke-weblinks-url-sql-injection(61012)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61012"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5083",
"datePublished": "2012-02-14T20:00:00",
"dateReserved": "2012-02-14T00:00:00",
"dateUpdated": "2024-08-07T04:09:38.722Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3784 (GCVE-0-2011-3784)
Vulnerability from nvd – Published: 2011-09-24 00:00 – Updated: 2024-09-16 20:02
VLAI?
Summary
Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:46:03.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PHP-Nuke-8.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-24T00:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PHP-Nuke-8.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PHP-Nuke-8.0",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PHP-Nuke-8.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3784",
"datePublished": "2011-09-24T00:00:00Z",
"dateReserved": "2011-09-23T00:00:00Z",
"dateUpdated": "2024-09-16T20:02:50.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1481 (GCVE-0-2011-1481)
Vulnerability from nvd – Published: 2011-06-21 01:00 – Updated: 2024-09-16 23:51
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sender_name or (2) sender_email parameter in a Feedback action to modules.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/8"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_cross_site_scripting"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sender_name or (2) sender_email parameter in a Feedback action to modules.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-06-21T01:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/8"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_cross_site_scripting"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sender_name or (2) sender_email parameter in a Feedback action to modules.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= Cross Site Scripting Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/8"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= Cross Site Scripting Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/7"
},
{
"name": "http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_cross_site_scripting",
"refsource": "MISC",
"url": "http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_cross_site_scripting"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1481",
"datePublished": "2011-06-21T01:00:00Z",
"dateReserved": "2011-03-21T00:00:00Z",
"dateUpdated": "2024-09-16T23:51:16.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1480 (GCVE-0-2011-1480)
Vulnerability from nvd – Published: 2011-06-21 01:00 – Updated: 2024-09-17 02:36
VLAI?
Summary
SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= \"chng_uid\" Blind SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/7"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= \"chng_uid\" Blind SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_sql_injection"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-06-21T01:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= \"chng_uid\" Blind SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/7"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= \"chng_uid\" Blind SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_sql_injection"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= \"chng_uid\" Blind SQL Injection Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/7"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= \"chng_uid\" Blind SQL Injection Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/6"
},
{
"name": "http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_sql_injection",
"refsource": "MISC",
"url": "http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_sql_injection"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1480",
"datePublished": "2011-06-21T01:00:00Z",
"dateReserved": "2011-03-21T00:00:00Z",
"dateUpdated": "2024-09-17T02:36:14.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1482 (GCVE-0-2011-1482)
Vulnerability from nvd – Published: 2011-06-21 01:00 – Updated: 2024-09-16 20:47
VLAI?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a Referer check that uses a substring comparison.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_cross_site_request_forgery"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/8"
},
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a Referer check that uses a substring comparison."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-06-21T01:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_cross_site_request_forgery"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/8"
},
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a Referer check that uses a substring comparison."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_cross_site_request_forgery",
"refsource": "MISC",
"url": "http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_cross_site_request_forgery"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/8"
},
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1482",
"datePublished": "2011-06-21T01:00:00Z",
"dateReserved": "2011-03-21T00:00:00Z",
"dateUpdated": "2024-09-16T20:47:40.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1842 (GCVE-0-2009-1842)
Vulnerability from nvd – Published: 2009-06-01 14:00 – Updated: 2024-08-07 05:27
VLAI?
Summary
SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35117",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35117"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html"
},
{
"name": "phpnuke-userlog-sql-injection(50818)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50818"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35117",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35117"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html"
},
{
"name": "phpnuke-userlog-sql-injection(50818)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50818"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1842",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35117",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35117"
},
{
"name": "http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html",
"refsource": "MISC",
"url": "http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html"
},
{
"name": "phpnuke-userlog-sql-injection(50818)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50818"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1842",
"datePublished": "2009-06-01T14:00:00",
"dateReserved": "2009-06-01T00:00:00",
"dateUpdated": "2024-08-07T05:27:54.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6728 (GCVE-0-2008-6728)
Vulnerability from nvd – Published: 2009-04-20 14:06 – Updated: 2024-08-07 11:41
VLAI?
Summary
SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20081230 php-nuke 8.0 module sections artid blind sql inj vuln.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/499656/100/0/threaded"
},
{
"name": "52033",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/52033"
},
{
"name": "20081230 Re: php-nuke 8.0 module sections artid blind sql inj vuln.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=123073887531700\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20081230 php-nuke 8.0 module sections artid blind sql inj vuln.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/499656/100/0/threaded"
},
{
"name": "52033",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/52033"
},
{
"name": "20081230 Re: php-nuke 8.0 module sections artid blind sql inj vuln.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=123073887531700\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20081230 php-nuke 8.0 module sections artid blind sql inj vuln.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499656/100/0/threaded"
},
{
"name": "52033",
"refsource": "OSVDB",
"url": "http://osvdb.org/52033"
},
{
"name": "20081230 Re: php-nuke 8.0 module sections artid blind sql inj vuln.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=123073887531700\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6728",
"datePublished": "2009-04-20T14:06:00",
"dateReserved": "2009-04-20T00:00:00",
"dateUpdated": "2024-08-07T11:41:59.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}