All the vulnerabilities related to phpnuke - php-nuke
cve-2010-5083
Vulnerability from cvelistv5
Published
2012-02-14 20:00
Modified
2024-08-07 04:09
Severity ?
Summary
SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:09:38.722Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "14589",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/14589"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.itsecteam.com/en/vulnerabilities/vulnerability58.htm"
          },
          {
            "name": "phpnuke-weblinks-url-sql-injection(61012)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61012"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-08-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "14589",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/14589"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.itsecteam.com/en/vulnerabilities/vulnerability58.htm"
        },
        {
          "name": "phpnuke-weblinks-url-sql-injection(61012)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61012"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-5083",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "14589",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/14589"
            },
            {
              "name": "http://www.itsecteam.com/en/vulnerabilities/vulnerability58.htm",
              "refsource": "MISC",
              "url": "http://www.itsecteam.com/en/vulnerabilities/vulnerability58.htm"
            },
            {
              "name": "phpnuke-weblinks-url-sql-injection(61012)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61012"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-5083",
    "datePublished": "2012-02-14T20:00:00",
    "dateReserved": "2012-02-14T00:00:00",
    "dateUpdated": "2024-08-07T04:09:38.722Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-6728
Vulnerability from cvelistv5
Published
2009-04-20 14:06
Modified
2024-08-07 11:41
Severity ?
Summary
SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php.
References
http://www.securityfocus.com/archive/1/499656/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
http://osvdb.org/52033 (vdb-entry, x_refsource_OSVDB)
http://marc.info/?l=bugtraq&m=123073887531700&w=2 (mailing-list, x_refsource_BUGTRAQ)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:41:59.672Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20081230 php-nuke 8.0 module sections artid blind sql inj vuln.",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/499656/100/0/threaded"
          },
          {
            "name": "52033",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/52033"
          },
          {
            "name": "20081230 Re: php-nuke 8.0 module sections artid blind sql inj vuln.",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=123073887531700\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20081230 php-nuke 8.0 module sections artid blind sql inj vuln.",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/499656/100/0/threaded"
        },
        {
          "name": "52033",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/52033"
        },
        {
          "name": "20081230 Re: php-nuke 8.0 module sections artid blind sql inj vuln.",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=123073887531700\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-6728",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20081230 php-nuke 8.0 module sections artid blind sql inj vuln.",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/499656/100/0/threaded"
            },
            {
              "name": "52033",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/52033"
            },
            {
              "name": "20081230 Re: php-nuke 8.0 module sections artid blind sql inj vuln.",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=123073887531700\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-6728",
    "datePublished": "2009-04-20T14:06:00",
    "dateReserved": "2009-04-20T00:00:00",
    "dateUpdated": "2024-08-07T11:41:59.672Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-1450
Vulnerability from cvelistv5
Published
2007-03-14 18:00
Modified
2024-08-07 12:59
Severity ?
Summary
SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands in the Top or News module via the lang parameter.
References
http://www.securityfocus.com/archive/1/462443/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
http://www.securityfocus.com/bid/22909 (vdb-entry, x_refsource_BID)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:59:08.999Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20070310 PHP-Nuke \u003c= 8.0 Cookie Manipulation (lang)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/462443/100/0/threaded"
          },
          {
            "name": "22909",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22909"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands in the Top or News module via the lang parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20070310 PHP-Nuke \u003c= 8.0 Cookie Manipulation (lang)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/462443/100/0/threaded"
        },
        {
          "name": "22909",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22909"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1450",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands in the Top or News module via the lang parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070310 PHP-Nuke \u003c= 8.0 Cookie Manipulation (lang)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/462443/100/0/threaded"
            },
            {
              "name": "22909",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22909"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1450",
    "datePublished": "2007-03-14T18:00:00",
    "dateReserved": "2007-03-14T00:00:00",
    "dateUpdated": "2024-08-07T12:59:08.999Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-1842
Vulnerability from cvelistv5
Published
2009-06-01 14:00
Modified
2024-08-07 05:27
Severity ?
Summary
SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:27:54.437Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "35117",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35117"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html"
          },
          {
            "name": "phpnuke-userlog-sql-injection(50818)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50818"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-05-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "35117",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35117"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html"
        },
        {
          "name": "phpnuke-userlog-sql-injection(50818)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50818"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1842",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "35117",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35117"
            },
            {
              "name": "http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html",
              "refsource": "MISC",
              "url": "http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html"
            },
            {
              "name": "phpnuke-userlog-sql-injection(50818)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50818"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-1842",
    "datePublished": "2009-06-01T14:00:00",
    "dateReserved": "2009-06-01T00:00:00",
    "dateUpdated": "2024-08-07T05:27:54.437Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-1480
Vulnerability from cvelistv5
Published
2011-06-21 01:00
Modified
2024-09-17 02:36
Severity ?
Summary
SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:28:41.564Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= \"chng_uid\" Blind SQL Injection Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/03/23/7"
          },
          {
            "name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= \"chng_uid\" Blind SQL Injection Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/03/30/6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_sql_injection"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-06-21T01:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= \"chng_uid\" Blind SQL Injection Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/03/23/7"
        },
        {
          "name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= \"chng_uid\" Blind SQL Injection Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/03/30/6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_sql_injection"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-1480",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= \"chng_uid\" Blind SQL Injection Vulnerability",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/03/23/7"
            },
            {
              "name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= \"chng_uid\" Blind SQL Injection Vulnerability",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/03/30/6"
            },
            {
              "name": "http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_sql_injection",
              "refsource": "MISC",
              "url": "http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_sql_injection"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-1480",
    "datePublished": "2011-06-21T01:00:00Z",
    "dateReserved": "2011-03-21T00:00:00Z",
    "dateUpdated": "2024-09-17T02:36:14.995Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-3784
Vulnerability from cvelistv5
Published
2011-09-24 00:00
Modified
2024-09-16 20:02
Severity ?
Summary
Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:46:03.097Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PHP-Nuke-8.0"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-09-24T00:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PHP-Nuke-8.0"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-3784",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
            },
            {
              "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
              "refsource": "MISC",
              "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
            },
            {
              "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PHP-Nuke-8.0",
              "refsource": "MISC",
              "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PHP-Nuke-8.0"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-3784",
    "datePublished": "2011-09-24T00:00:00Z",
    "dateReserved": "2011-09-23T00:00:00Z",
    "dateUpdated": "2024-09-16T20:02:50.473Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-1449
Vulnerability from cvelistv5
Published
2007-03-14 18:00
Modified
2024-08-07 12:59
Severity ?
Summary
Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.
References
http://www.securityfocus.com/archive/1/462443/100/0/threaded — mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/22909 — vdb-entry, x_refsource_BID
http://secunia.com/advisories/24484 — third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/462588/100/0/threaded — mailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:59:08.673Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20070310 PHP-Nuke \u003c= 8.0 Cookie Manipulation (lang)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/462443/100/0/threaded"
          },
          {
            "name": "22909",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22909"
          },
          {
            "name": "24484",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24484"
          },
          {
            "name": "20070311 Re: PHP-Nuke \u003c= 8.0 Cookie Manipulation (lang)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/462588/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20070310 PHP-Nuke \u003c= 8.0 Cookie Manipulation (lang)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/462443/100/0/threaded"
        },
        {
          "name": "22909",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22909"
        },
        {
          "name": "24484",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24484"
        },
        {
          "name": "20070311 Re: PHP-Nuke \u003c= 8.0 Cookie Manipulation (lang)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/462588/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1449",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070310 PHP-Nuke \u003c= 8.0 Cookie Manipulation (lang)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/462443/100/0/threaded"
            },
            {
              "name": "22909",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22909"
            },
            {
              "name": "24484",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24484"
            },
            {
              "name": "20070311 Re: PHP-Nuke \u003c= 8.0 Cookie Manipulation (lang)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/462588/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1449",
    "datePublished": "2007-03-14T18:00:00",
    "dateReserved": "2007-03-14T00:00:00",
    "dateUpdated": "2024-08-07T12:59:08.673Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-1519
Vulnerability from cvelistv5
Published
2007-03-20 20:00
Modified
2024-08-07 12:59
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-2006-3948.
References
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:59:08.554Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://phpfi.com/214668"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.wisec.it/ush/phpnukexss.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ush.it/2007/03/09/php-nuke-wild-post-xss/"
          },
          {
            "name": "24629",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24629"
          },
          {
            "name": "20070309 Php Nuke POST XSS on steroids",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/462308/100/100/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-2006-3948."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://phpfi.com/214668"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.wisec.it/ush/phpnukexss.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ush.it/2007/03/09/php-nuke-wild-post-xss/"
        },
        {
          "name": "24629",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24629"
        },
        {
          "name": "20070309 Php Nuke POST XSS on steroids",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/462308/100/100/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1519",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-2006-3948."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://phpfi.com/214668",
              "refsource": "MISC",
              "url": "http://phpfi.com/214668"
            },
            {
              "name": "http://www.wisec.it/ush/phpnukexss.html",
              "refsource": "MISC",
              "url": "http://www.wisec.it/ush/phpnukexss.html"
            },
            {
              "name": "http://www.ush.it/2007/03/09/php-nuke-wild-post-xss/",
              "refsource": "MISC",
              "url": "http://www.ush.it/2007/03/09/php-nuke-wild-post-xss/"
            },
            {
              "name": "24629",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24629"
            },
            {
              "name": "20070309 Php Nuke POST XSS on steroids",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/462308/100/100/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1519",
    "datePublished": "2007-03-20T20:00:00",
    "dateReserved": "2007-03-20T00:00:00",
    "dateUpdated": "2024-08-07T12:59:08.554Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-4212
Vulnerability from cvelistv5
Published
2007-08-08 01:52
Modified
2024-08-07 14:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Search Module in PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via a trailing "<" instead of a ">" in (1) the onerror attribute of an IMG element, (2) the onload attribute of an IFRAME element, or (3) redirect users to other sites via the META tag.
References
http://securityreason.com/securityalert/2974 — third-party-advisory, x_refsource_SREASON
http://osvdb.org/42538 — vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/bid/25171 — vdb-entry, x_refsource_BID
http://www.securityfocus.com/archive/1/475249/100/0/threaded — mailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:46:39.395Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "2974",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2974"
          },
          {
            "name": "42538",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/42538"
          },
          {
            "name": "25171",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25171"
          },
          {
            "name": "20070801 PHP-Nuke (ALL versions) Multiple XSS and HTML injection",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/475249/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Search Module in PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via a trailing \"\u003c\" instead of a \"\u003e\" in (1) the onerror attribute of an IMG element, (2) the onload attribute of an IFRAME element, or (3) redirect users to other sites via the META tag."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "2974",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2974"
        },
        {
          "name": "42538",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/42538"
        },
        {
          "name": "25171",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25171"
        },
        {
          "name": "20070801 PHP-Nuke (ALL versions) Multiple XSS and HTML injection",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/475249/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4212",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Search Module in PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via a trailing \"\u003c\" instead of a \"\u003e\" in (1) the onerror attribute of an IMG element, (2) the onload attribute of an IFRAME element, or (3) redirect users to other sites via the META tag."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "2974",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2974"
            },
            {
              "name": "42538",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/42538"
            },
            {
              "name": "25171",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25171"
            },
            {
              "name": "20070801 PHP-Nuke (ALL versions) Multiple XSS and HTML injection",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/475249/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4212",
    "datePublished": "2007-08-08T01:52:00",
    "dateReserved": "2007-08-07T00:00:00",
    "dateUpdated": "2024-08-07T14:46:39.395Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-5525
Vulnerability from cvelistv5
Published
2006-10-26 16:00
Modified
2024-08-07 19:55
Severity ?
Summary
Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via (1) "/**/UNION " or (2) " UNION/**/" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a search action in the Encyclopedia module in modules.php.
References
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:55:52.976Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "2617",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/2617"
          },
          {
            "name": "encyclopedia-search-sql-injection(29705)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29705"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.neosecurityteam.net/index.php?action=advisories\u0026id=27"
          },
          {
            "name": "20674",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20674"
          },
          {
            "name": "ADV-2006-4149",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4149"
          },
          {
            "name": "22511",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22511"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-10-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via (1) \"/**/UNION \" or (2) \" UNION/**/\" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a search action in the Encyclopedia module in modules.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-18T16:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "2617",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/2617"
        },
        {
          "name": "encyclopedia-search-sql-injection(29705)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29705"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.neosecurityteam.net/index.php?action=advisories\u0026id=27"
        },
        {
          "name": "20674",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20674"
        },
        {
          "name": "ADV-2006-4149",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4149"
        },
        {
          "name": "22511",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22511"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5525",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via (1) \"/**/UNION \" or (2) \" UNION/**/\" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a search action in the Encyclopedia module in modules.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "2617",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/2617"
            },
            {
              "name": "encyclopedia-search-sql-injection(29705)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29705"
            },
            {
              "name": "http://www.neosecurityteam.net/index.php?action=advisories\u0026id=27",
              "refsource": "MISC",
              "url": "http://www.neosecurityteam.net/index.php?action=advisories\u0026id=27"
            },
            {
              "name": "20674",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/20674"
            },
            {
              "name": "ADV-2006-4149",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/4149"
            },
            {
              "name": "22511",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22511"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-5525",
    "datePublished": "2006-10-26T16:00:00",
    "dateReserved": "2006-10-26T00:00:00",
    "dateUpdated": "2024-08-07T19:55:52.976Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3934
Vulnerability from cvelistv5
Published
2014-06-02 14:00
Modified
2024-09-17 03:28
Severity ?
Summary
SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:57:18.030Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/126803/phpnuke83news-sql.txt"
          },
          {
            "name": "67656",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67656"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-06-02T14:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/126803/phpnuke83news-sql.txt"
        },
        {
          "name": "67656",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67656"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-3934",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/126803/phpnuke83news-sql.txt",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/126803/phpnuke83news-sql.txt"
            },
            {
              "name": "67656",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67656"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-3934",
    "datePublished": "2014-06-02T14:00:00Z",
    "dateReserved": "2014-06-02T00:00:00Z",
    "dateUpdated": "2024-09-17T03:28:04.900Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-4804
Vulnerability from cvelistv5
Published
2008-10-31 16:42
Modified
2024-08-07 10:31
Severity ?
Summary
SQL injection vulnerability in the Gallery module 1.3 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the aid parameter in a showalbum action to index.php. NOTE: some of these details are obtained from third party information. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.
References
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:31:27.274Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "27957",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27957"
          },
          {
            "name": "20080223 php nuke gallery SQL Injection(aid)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0395.html"
          },
          {
            "name": "gallery-aid-sql-injection(41006)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41006"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-02-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the Gallery module 1.3 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the aid parameter in a showalbum action to index.php.  NOTE: some of these details are obtained from third party information.  NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "27957",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27957"
        },
        {
          "name": "20080223 php nuke gallery SQL Injection(aid)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0395.html"
        },
        {
          "name": "gallery-aid-sql-injection(41006)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41006"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-4804",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the Gallery module 1.3 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the aid parameter in a showalbum action to index.php.  NOTE: some of these details are obtained from third party information.  NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "27957",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27957"
            },
            {
              "name": "20080223 php nuke gallery SQL Injection(aid)",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0395.html"
            },
            {
              "name": "gallery-aid-sql-injection(41006)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41006"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-4804",
    "datePublished": "2008-10-31T16:42:00",
    "dateReserved": "2008-10-31T00:00:00",
    "dateUpdated": "2024-08-07T10:31:27.274Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-1314
Vulnerability from cvelistv5
Published
2008-03-12 17:00
Modified
2024-08-07 08:17
Severity ?
Summary
SQL injection vulnerability in the Johannes Hass gaestebuch 2.2 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to modules.php.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:17:34.483Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20080301 PHP-Nuke Copyright 2005 SQL",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=120440053123054\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://cod3rz.helloweb.eu/exploits/gaestebuch.txt"
          },
          {
            "name": "gaestebuch-id-sql-injection(40975)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40975"
          },
          {
            "name": "28063",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28063"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-03-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the Johannes Hass gaestebuch 2.2 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to modules.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20080301 PHP-Nuke Copyright 2005 SQL",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=120440053123054\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://cod3rz.helloweb.eu/exploits/gaestebuch.txt"
        },
        {
          "name": "gaestebuch-id-sql-injection(40975)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40975"
        },
        {
          "name": "28063",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28063"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1314",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the Johannes Hass gaestebuch 2.2 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to modules.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20080301 PHP-Nuke Copyright 2005 SQL",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=120440053123054\u0026w=2"
            },
            {
              "name": "http://cod3rz.helloweb.eu/exploits/gaestebuch.txt",
              "refsource": "MISC",
              "url": "http://cod3rz.helloweb.eu/exploits/gaestebuch.txt"
            },
            {
              "name": "gaestebuch-id-sql-injection(40975)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40975"
            },
            {
              "name": "28063",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28063"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1314",
    "datePublished": "2008-03-12T17:00:00",
    "dateReserved": "2008-03-12T00:00:00",
    "dateUpdated": "2024-08-07T08:17:34.483Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-7038
Vulnerability from cvelistv5
Published
2009-08-24 10:00
Modified
2024-08-07 11:49
Severity ?
Summary
SQL injection vulnerability in the My_eGallery module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the gid parameter in a showgall action to modules.php. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect.
References
http://www.securityfocus.com/bid/28030 (vdb-entry, x_refsource_BID)
http://www.securityfocus.com/archive/1/488916/100/100/threaded (mailing-list, x_refsource_BUGTRAQ)
https://exchange.xforce.ibmcloud.com/vulnerabilities/40910 (vdb-entry, x_refsource_XF)
https://www.exploit-db.com/exploits/5203 (exploit, x_refsource_EXPLOIT-DB)
https://www.exploit-db.com/exploits/5242 (exploit, x_refsource_EXPLOIT-DB)
http://osvdb.org/51021 (vdb-entry, x_refsource_OSVDB)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:49:02.997Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "28030",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28030"
          },
          {
            "name": "20080228 PHP-Nuke My_eGallery \"gid\" Remote SQL Injection",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/488916/100/100/threaded"
          },
          {
            "name": "myegallery-gid-sql-injection(40910)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40910"
          },
          {
            "name": "5203",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/5203"
          },
          {
            "name": "5242",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/5242"
          },
          {
            "name": "51021",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/51021"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-02-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the My_eGallery module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the gid parameter in a showgall action to modules.php.  NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "28030",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28030"
        },
        {
          "name": "20080228 PHP-Nuke My_eGallery \"gid\" Remote SQL Injection",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/488916/100/100/threaded"
        },
        {
          "name": "myegallery-gid-sql-injection(40910)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40910"
        },
        {
          "name": "5203",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/5203"
        },
        {
          "name": "5242",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/5242"
        },
        {
          "name": "51021",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/51021"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-7038",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the My_eGallery module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the gid parameter in a showgall action to modules.php.  NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "28030",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28030"
            },
            {
              "name": "20080228 PHP-Nuke My_eGallery \"gid\" Remote SQL Injection",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/488916/100/100/threaded"
            },
            {
              "name": "myegallery-gid-sql-injection(40910)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40910"
            },
            {
              "name": "5203",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/5203"
            },
            {
              "name": "5242",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/5242"
            },
            {
              "name": "51021",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/51021"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-7038",
    "datePublished": "2009-08-24T10:00:00",
    "dateReserved": "2009-08-23T00:00:00",
    "dateUpdated": "2024-08-07T11:49:02.997Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2001-0899
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 04:37
Severity ?
Summary
Network Tools 0.2 for PHP-Nuke allows remote attackers to execute commands on the server via shell metacharacters in the $hostinput variable.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T04:37:07.026Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://phpnukerz.org/modules.php?name=Downloads\u0026d_op=viewsdownload\u0026sid=32"
          },
          {
            "name": "phpnuke-nettools-command-execution(7578)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7578"
          },
          {
            "name": "20011116 Network Tool 0.2 Addon for PHPNuke vulnerable to remote command execution",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=100593523104176\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2001-11-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Network Tools 0.2 for PHP-Nuke allows remote attackers to execute commands on the server via shell metacharacters in the $hostinput variable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2002-06-16T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://phpnukerz.org/modules.php?name=Downloads\u0026d_op=viewsdownload\u0026sid=32"
        },
        {
          "name": "phpnuke-nettools-command-execution(7578)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7578"
        },
        {
          "name": "20011116 Network Tool 0.2 Addon for PHPNuke vulnerable to remote command execution",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=100593523104176\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2001-0899",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Network Tools 0.2 for PHP-Nuke allows remote attackers to execute commands on the server via shell metacharacters in the $hostinput variable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://phpnukerz.org/modules.php?name=Downloads\u0026d_op=viewsdownload\u0026sid=32",
              "refsource": "CONFIRM",
              "url": "http://phpnukerz.org/modules.php?name=Downloads\u0026d_op=viewsdownload\u0026sid=32"
            },
            {
              "name": "phpnuke-nettools-command-execution(7578)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7578"
            },
            {
              "name": "20011116 Network Tool 0.2 Addon for PHPNuke vulnerable to remote command execution",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=100593523104176\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2001-0899",
    "datePublished": "2002-06-25T04:00:00",
    "dateReserved": "2002-01-31T00:00:00",
    "dateUpdated": "2024-08-08T04:37:07.026Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-4767
Vulnerability from cvelistv5
Published
2008-10-28 10:00
Modified
2024-08-07 10:24
Severity ?
Summary
Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: it is unclear how allowing the upload of .html or .txt files supports arbitrary code execution; this might be legitimate functionality.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:24:21.122Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "28919",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28919"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.juniper.net/security/auto/vulnerabilities/vuln28919.html"
          },
          {
            "name": "downloadsplus-extension-file-upload(42007)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42007"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-04-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.  NOTE: it is unclear how allowing the upload of .html or .txt files supports arbitrary code execution; this might be legitimate functionality."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "28919",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28919"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.juniper.net/security/auto/vulnerabilities/vuln28919.html"
        },
        {
          "name": "downloadsplus-extension-file-upload(42007)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42007"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-4767",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.  NOTE: it is unclear how allowing the upload of .html or .txt files supports arbitrary code execution; this might be legitimate functionality."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "28919",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28919"
            },
            {
              "name": "http://www.juniper.net/security/auto/vulnerabilities/vuln28919.html",
              "refsource": "MISC",
              "url": "http://www.juniper.net/security/auto/vulnerabilities/vuln28919.html"
            },
            {
              "name": "downloadsplus-extension-file-upload(42007)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42007"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-4767",
    "datePublished": "2008-10-28T10:00:00",
    "dateReserved": "2008-10-27T00:00:00",
    "dateUpdated": "2024-08-07T10:24:21.122Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-5039
Vulnerability from cvelistv5
Published
2008-11-12 20:18
Modified
2024-08-07 10:40
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the League module for PHP-Nuke, possibly 2.4, allows remote attackers to inject arbitrary web script or HTML via the tid parameter in a team action to modules.php.
References
http://www.securityfocus.com/bid/31952 (vdb-entry, x_refsource_BID)
http://securityreason.com/securityalert/4575 (third-party-advisory, x_refsource_SREASON)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46154 (vdb-entry, x_refsource_XF)
http://www.securityfocus.com/archive/1/497855/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:40:17.278Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "31952",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31952"
          },
          {
            "name": "4575",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/4575"
          },
          {
            "name": "nukeleague-module-sql-injection(46154)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46154"
          },
          {
            "name": "20081028 PHP-Nuke Module League (team\u0026tid) XSS Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/497855/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-10-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the League module for PHP-Nuke, possibly 2.4, allows remote attackers to inject arbitrary web script or HTML via the tid parameter in a team action to modules.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "31952",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31952"
        },
        {
          "name": "4575",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/4575"
        },
        {
          "name": "nukeleague-module-sql-injection(46154)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46154"
        },
        {
          "name": "20081028 PHP-Nuke Module League (team\u0026tid) XSS Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/497855/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5039",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the League module for PHP-Nuke, possibly 2.4, allows remote attackers to inject arbitrary web script or HTML via the tid parameter in a team action to modules.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "31952",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31952"
            },
            {
              "name": "4575",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/4575"
            },
            {
              "name": "nukeleague-module-sql-injection(46154)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46154"
            },
            {
              "name": "20081028 PHP-Nuke Module League (team\u0026tid) XSS Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/497855/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5039",
    "datePublished": "2008-11-12T20:18:00",
    "dateReserved": "2008-11-12T00:00:00",
    "dateUpdated": "2024-08-07T10:40:17.278Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-30177
Vulnerability from cvelistv5
Published
2021-04-07 10:48
Modified
2024-08-03 22:24
Severity ?
Summary
There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:24:59.586Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gist.github.com/stacksmasher007/41e946fc9a5a2f0b6950626cc9d43d47"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-07T10:48:16",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gist.github.com/stacksmasher007/41e946fc9a5a2f0b6950626cc9d43d47"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-30177",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gist.github.com/stacksmasher007/41e946fc9a5a2f0b6950626cc9d43d47",
              "refsource": "MISC",
              "url": "https://gist.github.com/stacksmasher007/41e946fc9a5a2f0b6950626cc9d43d47"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-30177",
    "datePublished": "2021-04-07T10:48:16",
    "dateReserved": "2021-04-06T00:00:00",
    "dateUpdated": "2024-08-03T22:24:59.586Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-1481
Vulnerability from cvelistv5
Published
2011-06-21 01:00
Modified
2024-09-16 23:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sender_name or (2) sender_email parameter in a Feedback action to modules.php.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:28:41.653Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= Cross Site Scripting Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/03/23/8"
          },
          {
            "name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= Cross Site Scripting Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/03/30/7"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_cross_site_scripting"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sender_name or (2) sender_email parameter in a Feedback action to modules.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-06-21T01:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= Cross Site Scripting Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/03/23/8"
        },
        {
          "name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= Cross Site Scripting Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/03/30/7"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_cross_site_scripting"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-1481",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sender_name or (2) sender_email parameter in a Feedback action to modules.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= Cross Site Scripting Vulnerability",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/03/23/8"
            },
            {
              "name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= Cross Site Scripting Vulnerability",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/03/30/7"
            },
            {
              "name": "http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_cross_site_scripting",
              "refsource": "MISC",
              "url": "http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_cross_site_scripting"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-1481",
    "datePublished": "2011-06-21T01:00:00Z",
    "dateReserved": "2011-03-21T00:00:00Z",
    "dateUpdated": "2024-09-16T23:51:16.046Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2003-1340
Vulnerability from cvelistv5
Published
2007-10-01 00:00
Modified
2024-08-08 02:28
Severity ?
Summary
Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279.
References
http://www.securityfocus.com/archive/1/323425 (mailing-list, x_refsource_BUGTRAQ)
http://securityreason.com/securityalert/3185 (third-party-advisory, x_refsource_SREASON)
http://www.securityfocus.com/archive/1/480866/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:28:02.821Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20030530 Php-Nuke:users and admins password hashes vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/323425"
          },
          {
            "name": "3185",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3185"
          },
          {
            "name": "20070927 Re: [waraxe-2007-SA#056] - Another Sql Injection in NukeSentinel 2.5.11",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/480866/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-05-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20030530 Php-Nuke:users and admins password hashes vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/323425"
        },
        {
          "name": "3185",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3185"
        },
        {
          "name": "20070927 Re: [waraxe-2007-SA#056] - Another Sql Injection in NukeSentinel 2.5.11",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/480866/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-1340",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20030530 Php-Nuke:users and admins password hashes vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/323425"
            },
            {
              "name": "3185",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3185"
            },
            {
              "name": "20070927 Re: [waraxe-2007-SA#056] - Another Sql Injection in NukeSentinel 2.5.11",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/480866/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-1340",
    "datePublished": "2007-10-01T00:00:00",
    "dateReserved": "2007-09-30T00:00:00",
    "dateUpdated": "2024-08-08T02:28:02.821Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-2020
Vulnerability from cvelistv5
Published
2008-04-30 01:00
Modified
2024-08-07 08:41
Severity ?
Summary
The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings.
References
http://www.securityfocus.com/archive/1/491127/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
http://securityreason.com/securityalert/3834 (third-party-advisory, x_refsource_SREASON)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42152 (vdb-entry, x_refsource_XF)
http://www.securityfocus.com/bid/28877 (vdb-entry, x_refsource_BID)
http://www.rooksecurity.com/blog/?p=6 (x_refsource_MISC)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:41:00.253Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20080419 Deciphering the PHP-Nuke Capthca",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/491127/100/0/threaded"
          },
          {
            "name": "3834",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3834"
          },
          {
            "name": "captcha-imagestring-codebg-weak-security(42152)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42152"
          },
          {
            "name": "28877",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28877"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.rooksecurity.com/blog/?p=6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-04-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20080419 Deciphering the PHP-Nuke Capthca",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/491127/100/0/threaded"
        },
        {
          "name": "3834",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3834"
        },
        {
          "name": "captcha-imagestring-codebg-weak-security(42152)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42152"
        },
        {
          "name": "28877",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28877"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.rooksecurity.com/blog/?p=6"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2020",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20080419 Deciphering the PHP-Nuke Capthca",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/491127/100/0/threaded"
            },
            {
              "name": "3834",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3834"
            },
            {
              "name": "captcha-imagestring-codebg-weak-security(42152)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42152"
            },
            {
              "name": "28877",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28877"
            },
            {
              "name": "http://www.rooksecurity.com/blog/?p=6",
              "refsource": "MISC",
              "url": "http://www.rooksecurity.com/blog/?p=6"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-2020",
    "datePublished": "2008-04-30T01:00:00",
    "dateReserved": "2008-04-29T00:00:00",
    "dateUpdated": "2024-08-07T08:41:00.253Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-1520
Vulnerability from cvelistv5
Published
2007-03-20 20:00
Modified
2024-08-07 12:59
Severity ?
Summary
The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTP_REFERER, which allows remote attackers to conduct CSRF attacks.
References
http://osvdb.org/34501 — vdb-entry, x_refsource_OSVDB
http://phpfi.com/214668 — x_refsource_MISC
http://www.wisec.it/ush/phpnukexss.html — x_refsource_MISC
http://www.securityfocus.com/archive/1/462727/100/0/threaded — mailing-list, x_refsource_BUGTRAQ
http://www.ush.it/2007/03/09/php-nuke-wild-post-xss/ — x_refsource_MISC
http://secunia.com/advisories/24629 — third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/462308/100/100/threaded — mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/462575/100/0/threaded — mailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:59:08.380Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "34501",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/34501"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://phpfi.com/214668"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.wisec.it/ush/phpnukexss.html"
          },
          {
            "name": "20070313 Re: Php Nuke POST XSS on steroids",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/462727/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ush.it/2007/03/09/php-nuke-wild-post-xss/"
          },
          {
            "name": "24629",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24629"
          },
          {
            "name": "20070309 Php Nuke POST XSS on steroids",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/462308/100/100/threaded"
          },
          {
            "name": "20070311 Re: Php Nuke POST XSS on steroids",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/462575/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTP_REFERER, which allows remote attackers to conduct CSRF attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "34501",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/34501"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://phpfi.com/214668"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.wisec.it/ush/phpnukexss.html"
        },
        {
          "name": "20070313 Re: Php Nuke POST XSS on steroids",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/462727/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ush.it/2007/03/09/php-nuke-wild-post-xss/"
        },
        {
          "name": "24629",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24629"
        },
        {
          "name": "20070309 Php Nuke POST XSS on steroids",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/462308/100/100/threaded"
        },
        {
          "name": "20070311 Re: Php Nuke POST XSS on steroids",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/462575/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1520",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTP_REFERER, which allows remote attackers to conduct CSRF attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "34501",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/34501"
            },
            {
              "name": "http://phpfi.com/214668",
              "refsource": "MISC",
              "url": "http://phpfi.com/214668"
            },
            {
              "name": "http://www.wisec.it/ush/phpnukexss.html",
              "refsource": "MISC",
              "url": "http://www.wisec.it/ush/phpnukexss.html"
            },
            {
              "name": "20070313 Re: Php Nuke POST XSS on steroids",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/462727/100/0/threaded"
            },
            {
              "name": "http://www.ush.it/2007/03/09/php-nuke-wild-post-xss/",
              "refsource": "MISC",
              "url": "http://www.ush.it/2007/03/09/php-nuke-wild-post-xss/"
            },
            {
              "name": "24629",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24629"
            },
            {
              "name": "20070309 Php Nuke POST XSS on steroids",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/462308/100/100/threaded"
            },
            {
              "name": "20070311 Re: Php Nuke POST XSS on steroids",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/462575/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1520",
    "datePublished": "2007-03-20T20:00:00",
    "dateReserved": "2007-03-20T00:00:00",
    "dateUpdated": "2024-08-07T12:59:08.380Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-6865
Vulnerability from cvelistv5
Published
2009-07-14 14:00
Modified
2024-08-07 11:49
Severity ?
Summary
SQL injection vulnerability in modules.php in the Sectionsnew module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/51735 — vdb-entry, x_refsource_XF
http://www.securityfocus.com/archive/1/497939/100/0/threaded — mailing-list, x_refsource_BUGTRAQ
http://osvdb.org/51890 — vdb-entry, x_refsource_OSVDB
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:49:00.610Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "sectionsnew-modules-sql-injection(51735)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51735"
          },
          {
            "name": "20081030 PHP-Nuke Module Sectionsnew (printpage\u0026artid) Remote SQL injection Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/497939/100/0/threaded"
          },
          {
            "name": "51890",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/51890"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-10-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in modules.php in the Sectionsnew module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "sectionsnew-modules-sql-injection(51735)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51735"
        },
        {
          "name": "20081030 PHP-Nuke Module Sectionsnew (printpage\u0026artid) Remote SQL injection Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/497939/100/0/threaded"
        },
        {
          "name": "51890",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/51890"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-6865",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in modules.php in the Sectionsnew module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "sectionsnew-modules-sql-injection(51735)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51735"
            },
            {
              "name": "20081030 PHP-Nuke Module Sectionsnew (printpage\u0026artid) Remote SQL injection Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/497939/100/0/threaded"
            },
            {
              "name": "51890",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/51890"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-6865",
    "datePublished": "2009-07-14T14:00:00",
    "dateReserved": "2009-07-14T00:00:00",
    "dateUpdated": "2024-08-07T11:49:00.610Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-1842
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/15596 — vdb-entry, x_refsource_XF
http://secunia.com/advisories/11195 — third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=108006309112075&w=2 — mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/9895 — vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:07:48.135Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "phpnuke-img-gain-privileges(15596)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15596"
          },
          {
            "name": "11195",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/11195"
          },
          {
            "name": "20040322 [waraxe-2004-SA#008 - easy way to get superadmin rights in PhpNuke 6.x-7.1.0]",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=108006309112075\u0026w=2"
          },
          {
            "name": "9895",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/9895"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-03-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "phpnuke-img-gain-privileges(15596)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15596"
        },
        {
          "name": "11195",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/11195"
        },
        {
          "name": "20040322 [waraxe-2004-SA#008 - easy way to get superadmin rights in PhpNuke 6.x-7.1.0]",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=108006309112075\u0026w=2"
        },
        {
          "name": "9895",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/9895"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1842",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "phpnuke-img-gain-privileges(15596)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15596"
            },
            {
              "name": "11195",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/11195"
            },
            {
              "name": "20040322 [waraxe-2004-SA#008 - easy way to get superadmin rights in PhpNuke 6.x-7.1.0]",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=108006309112075\u0026w=2"
            },
            {
              "name": "9895",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/9895"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1842",
    "datePublished": "2005-05-10T04:00:00",
    "dateReserved": "2005-05-04T00:00:00",
    "dateUpdated": "2024-08-08T01:07:48.135Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-6779
Vulnerability from cvelistv5
Published
2009-05-01 17:00
Modified
2024-08-07 11:41
Severity ?
Summary
SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a showcontent action to modules.php.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:41:59.410Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "sarkilar-module-sql-injection(45992)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45992"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.org/0810-exploits/phpnukesarkilar-sql.txt"
          },
          {
            "name": "31830",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31830"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a showcontent action to modules.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "sarkilar-module-sql-injection(45992)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45992"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.org/0810-exploits/phpnukesarkilar-sql.txt"
        },
        {
          "name": "31830",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31830"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-6779",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a showcontent action to modules.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "sarkilar-module-sql-injection(45992)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45992"
            },
            {
              "name": "http://packetstormsecurity.org/0810-exploits/phpnukesarkilar-sql.txt",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.org/0810-exploits/phpnukesarkilar-sql.txt"
            },
            {
              "name": "31830",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31830"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-6779",
    "datePublished": "2009-05-01T17:00:00",
    "dateReserved": "2009-05-01T00:00:00",
    "dateUpdated": "2024-08-07T11:41:59.410Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-7226
Vulnerability from cvelistv5
Published
2009-09-14 14:00
Modified
2024-08-07 11:56
Severity ?
Summary
SQL injection vulnerability in index.php in the Recipes module 1.3, 1.4, and possibly other versions for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the recipeid parameter.
References
http://www.securityfocus.com/archive/1/488649/100/100/threaded - mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/27955 - vdb-entry, x_refsource_BID
http://osvdb.org/52224 - vdb-entry, x_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/40807 - vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:56:14.534Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20080223 php-nuke Recipes SQL Injection(recipeid)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/488649/100/100/threaded"
          },
          {
            "name": "27955",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27955"
          },
          {
            "name": "52224",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/52224"
          },
          {
            "name": "recipe-modules-sql-injection(40807)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40807"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-02-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in index.php in the Recipes module 1.3, 1.4, and possibly other versions for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the recipeid parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20080223 php-nuke Recipes SQL Injection(recipeid)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/488649/100/100/threaded"
        },
        {
          "name": "27955",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27955"
        },
        {
          "name": "52224",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/52224"
        },
        {
          "name": "recipe-modules-sql-injection(40807)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40807"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-7226",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in index.php in the Recipes module 1.3, 1.4, and possibly other versions for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the recipeid parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20080223 php-nuke Recipes SQL Injection(recipeid)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/488649/100/100/threaded"
            },
            {
              "name": "27955",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27955"
            },
            {
              "name": "52224",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/52224"
            },
            {
              "name": "recipe-modules-sql-injection(40807)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40807"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-7226",
    "datePublished": "2009-09-14T14:00:00",
    "dateReserved": "2009-09-14T00:00:00",
    "dateUpdated": "2024-08-07T11:56:14.534Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-1308
Vulnerability from cvelistv5
Published
2008-03-12 17:00
Modified
2024-08-07 08:17
Severity ?
Summary
SQL injection vulnerability in the Sudirman Angriawan NukeC30 3.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action to modules.php.
References
http://www.securityfocus.com/bid/28197 - vdb-entry, x_refsource_BID
http://securityreason.com/securityalert/3733 - third-party-advisory, x_refsource_SREASON
http://www.securityfocus.com/archive/1/489387/100/0/threaded - mailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:17:34.524Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "28197",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28197"
          },
          {
            "name": "3733",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3733"
          },
          {
            "name": "20080311 PHP-Nuke Module NukeC30 sql injection",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/489387/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-03-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the Sudirman Angriawan NukeC30 3.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action to modules.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "28197",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28197"
        },
        {
          "name": "3733",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3733"
        },
        {
          "name": "20080311 PHP-Nuke Module NukeC30 sql injection",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/489387/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1308",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the Sudirman Angriawan NukeC30 3.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action to modules.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "28197",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28197"
            },
            {
              "name": "3733",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3733"
            },
            {
              "name": "20080311 PHP-Nuke Module NukeC30 sql injection",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/489387/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1308",
    "datePublished": "2008-03-12T17:00:00",
    "dateReserved": "2008-03-12T00:00:00",
    "dateUpdated": "2024-08-07T08:17:34.524Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-5494
Vulnerability from cvelistv5
Published
2006-10-25 10:00
Modified
2024-08-07 19:55
Severity ?
Summary
Multiple PHP remote file inclusion vulnerabilities in modules/My_eGallery/public/displayCategory.php in the pandaBB module for PHP-Nuke allow remote attackers to execute arbitrary PHP code via a URL in the (1) adminpath or (2) basepath parameters. NOTE: this issue might overlap CVE-2006-6795.
References
http://www.securityfocus.com/bid/20633 - vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/29694 - vdb-entry, x_refsource_XF
http://www.osvdb.org/29892 - vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/22505 - third-party-advisory, x_refsource_SECUNIA
https://www.exploit-db.com/exploits/2599 - exploit, x_refsource_EXPLOIT-DB
http://www.vupen.com/english/advisories/2006/4121 - vdb-entry, x_refsource_VUPEN
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:55:52.802Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20633",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20633"
          },
          {
            "name": "pandabb-display-file-include(29694)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29694"
          },
          {
            "name": "29892",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/29892"
          },
          {
            "name": "22505",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22505"
          },
          {
            "name": "2599",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/2599"
          },
          {
            "name": "ADV-2006-4121",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4121"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-10-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple PHP remote file inclusion vulnerabilities in modules/My_eGallery/public/displayCategory.php in the pandaBB module for PHP-Nuke allow remote attackers to execute arbitrary PHP code via a URL in the (1) adminpath or (2) basepath parameters.  NOTE: this issue might overlap CVE-2006-6795."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-18T16:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20633",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20633"
        },
        {
          "name": "pandabb-display-file-include(29694)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29694"
        },
        {
          "name": "29892",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/29892"
        },
        {
          "name": "22505",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22505"
        },
        {
          "name": "2599",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/2599"
        },
        {
          "name": "ADV-2006-4121",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4121"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5494",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple PHP remote file inclusion vulnerabilities in modules/My_eGallery/public/displayCategory.php in the pandaBB module for PHP-Nuke allow remote attackers to execute arbitrary PHP code via a URL in the (1) adminpath or (2) basepath parameters.  NOTE: this issue might overlap CVE-2006-6795."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20633",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/20633"
            },
            {
              "name": "pandabb-display-file-include(29694)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29694"
            },
            {
              "name": "29892",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/29892"
            },
            {
              "name": "22505",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22505"
            },
            {
              "name": "2599",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/2599"
            },
            {
              "name": "ADV-2006-4121",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/4121"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-5494",
    "datePublished": "2006-10-25T10:00:00",
    "dateReserved": "2006-10-24T00:00:00",
    "dateUpdated": "2024-08-07T19:55:52.802Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-1028
Vulnerability from cvelistv5
Published
2005-04-09 04:00
Modified
2024-08-07 21:35
Severity ?
Summary
PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message.
References
http://marc.info/?l=bugtraq&m=111272010303144&w=2 - mailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:35:59.637Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20050404 [SECURITYREASON.COM] Full path disclosure and XSS in PHPNuke part 3",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=111272010303144\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-04-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-17T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20050404 [SECURITYREASON.COM] Full path disclosure and XSS in PHPNuke part 3",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=111272010303144\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-1028",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20050404 [SECURITYREASON.COM] Full path disclosure and XSS in PHPNuke part 3",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=111272010303144\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-1028",
    "datePublished": "2005-04-09T04:00:00",
    "dateReserved": "2005-04-10T00:00:00",
    "dateUpdated": "2024-08-07T21:35:59.637Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-1482
Vulnerability from cvelistv5
Published
2011-06-21 01:00
Modified
2024-09-16 20:47
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a Referer check that uses a substring comparison.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:28:41.503Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_cross_site_request_forgery"
          },
          {
            "name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/03/30/8"
          },
          {
            "name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/03/23/9"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a Referer check that uses a substring comparison."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-06-21T01:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_cross_site_request_forgery"
        },
        {
          "name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/03/30/8"
        },
        {
          "name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/03/23/9"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-1482",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a Referer check that uses a substring comparison."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_cross_site_request_forgery",
              "refsource": "MISC",
              "url": "http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_cross_site_request_forgery"
            },
            {
              "name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/03/30/8"
            },
            {
              "name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/03/23/9"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-1482",
    "datePublished": "2011-06-21T01:00:00Z",
    "dateReserved": "2011-03-21T00:00:00Z",
    "dateUpdated": "2024-09-16T20:47:40.110Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2007-03-14 18:19
Modified
2024-11-21 00:28
Severity ?
Summary
Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5E8572B-43BE-4068-929F-2B6FAA9EF959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8882C59-6721-4925-8EB6-1C54455BD03B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C6F6110-F77B-42CE-BAD0-0AEAFC04E982",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "017A5AD3-CD1C-41E0-B53D-3881C31F7463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "68BA9153-537A-4CC5-A3E8-DE4FCF49EB52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7481433-4DFA-4D32-BA93-FBEAC37D8D67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "85535C0D-C858-4AF8-8350-EFBF74609CBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CC4F979-7F10-4F0D-96AD-5EE88E437897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3B4A35-6019-468E-89FA-BC2EEADB7D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "575CFD4C-90CB-4D38-94F9-3D7915B2F054",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4DB1D99-9F35-43A2-AD72-4B495B5F31BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:8.0.0:final:*:*:*:*:*:*",
              "matchCriteriaId": "BE967F52-A9FD-496B-A40A-CEC87E138851",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de escalado de directorio en mainfile.php del PHP-Nuke 8.0 y versiones anteriores permite a atacantes remotos leer ficheros de su elecci\u00f3n mediante un .. (punto punto) en el par\u00e1metro lang."
    }
  ],
  "id": "CVE-2007-1449",
  "lastModified": "2024-11-21T00:28:20.313",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-03-14T18:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24484"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/462443/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/462588/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22909"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24484"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/462443/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/462588/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22909"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-07-14 14:30
Modified
2024-11-21 00:57
Severity ?
Summary
SQL injection vulnerability in modules.php in the Sectionsnew module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action.
Impacted products
Vendor Product Version
php-nuke sections_module *
phpnuke php-nuke *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php-nuke:sections_module:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C37BC1D2-C2AC-46C0-8BE2-30482FABFE2A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C438592-FF60-49D4-A15D-D1C08BCCCBAA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in modules.php in the Sectionsnew module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n de SQL en modules.php en el m\u00f3dulo Sectionsnew para PHP-Nuke permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro artid en una acci\u00f3n printpage."
    }
  ],
  "id": "CVE-2008-6865",
  "lastModified": "2024-11-21T00:57:39.823",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-07-14T14:30:00.437",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://osvdb.org/51890"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/497939/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51735"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://osvdb.org/51890"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/497939/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51735"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-02-14 20:55
Modified
2024-11-21 01:22
Severity ?
Summary
SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php.
Impacted products
Vendor Product Version
phpnuke php-nuke 8.0
phpnuke web_links_module -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4DB1D99-9F35-43A2-AD72-4B495B5F31BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:web_links_module:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9401BAC9-6D36-442E-9877-4708A8FBD75C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n de comandos SQL en el m\u00f3dulo Web_Links para PHP-Nuke v8.0, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro url en una acci\u00f3n Add en modules.php"
    }
  ],
  "id": "CVE-2010-5083",
  "lastModified": "2024-11-21T01:22:27.980",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-02-14T20:55:02.300",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/14589"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.itsecteam.com/en/vulnerabilities/vulnerability58.htm"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/14589"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.itsecteam.com/en/vulnerabilities/vulnerability58.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61012"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-03-20 20:19
Modified
2024-11-21 00:28
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-2006-3948.
Impacted products
Vendor Product Version
phpnuke php-nuke *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2A43B27-19D2-4118-B80E-8E225C34BFB1",
              "versionEndIncluding": "8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-2006-3948."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo Cross-site scripting (XSS) en el archivo modules.php en PHP-Nuke versi\u00f3n 8.0 y anteriores, permite que los atacantes remotos inyecten un script web o HTML arbitrario por medio del par\u00e1metro query en una operaci\u00f3n search en el m\u00f3dulo Downloads, un producto diferente al CVE-2006- 3948."
    }
  ],
  "id": "CVE-2007-1519",
  "lastModified": "2024-11-21T00:28:30.923",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-03-20T20:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "URL Repurposed"
      ],
      "url": "http://phpfi.com/214668"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24629"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/462308/100/100/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ush.it/2007/03/09/php-nuke-wild-post-xss/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.wisec.it/ush/phpnukexss.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "URL Repurposed"
      ],
      "url": "http://phpfi.com/214668"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24629"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/462308/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ush.it/2007/03/09/php-nuke-wild-post-xss/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.wisec.it/ush/phpnukexss.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-04-20 14:30
Modified
2024-11-21 00:57
Severity ?
Summary
SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BC56275-9F65-43B6-A091-68FB42968C2C",
              "versionEndIncluding": "7.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CA1307E-34B7-4BC1-BBA8-59347330B714",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BE7B61B-172B-499A-B7E9-BA6EF4BEADCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BF21F07-5A08-45BE-BB72-4B48017B76FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4065BB3-A189-4D68-A514-7160C532629A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D18BDCD3-C7E8-4D73-BA36-3A4D245DBE05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "31A013B9-9A29-4CBE-A6AE-DC83F34BB367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2831357B-2252-458A-9ED9-40AE0831FE93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FDA9804-C61A-4172-B3B3-B2E8AC0D4B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F42BD4C3-71D7-48E2-B3A4-7B1975982D5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "34D84C9E-B703-4285-BE2E-CBF17BA28C02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDEA81E1-E9E9-45F6-8C61-D496888451E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2D294C7-FBE3-4D3A-A497-29C3EF6615DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "99F22ADA-E201-44CE-8EE9-FEB4170E16C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D714A77C-1771-4648-A68C-D34477B57AD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A365BB29-7E19-42E6-AA70-7951F939C92E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5E8572B-43BE-4068-929F-2B6FAA9EF959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8882C59-6721-4925-8EB6-1C54455BD03B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C6F6110-F77B-42CE-BAD0-0AEAFC04E982",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "017A5AD3-CD1C-41E0-B53D-3881C31F7463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "68BA9153-537A-4CC5-A3E8-DE4FCF49EB52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7481433-4DFA-4D32-BA93-FBEAC37D8D67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "85535C0D-C858-4AF8-8350-EFBF74609CBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CC4F979-7F10-4F0D-96AD-5EE88E437897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3B4A35-6019-468E-89FA-BC2EEADB7D31",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en el modulo \"Sections\" de PHP-Nuke probablemente en versiones anteriores a v8.0. Permite a usuarios remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"artid\" de una acci\u00f3n printpage solicitada a modules.php."
    }
  ],
  "id": "CVE-2008-6728",
  "lastModified": "2024-11-21T00:57:19.000",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-04-20T14:30:00.360",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=123073887531700\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/52033"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/499656/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=123073887531700\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/52033"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/499656/100/0/threaded"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-03-14 18:19
Modified
2024-11-21 00:28
Severity ?
Summary
SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands in the Top or News module via the lang parameter.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5E8572B-43BE-4068-929F-2B6FAA9EF959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8882C59-6721-4925-8EB6-1C54455BD03B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C6F6110-F77B-42CE-BAD0-0AEAFC04E982",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "017A5AD3-CD1C-41E0-B53D-3881C31F7463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "68BA9153-537A-4CC5-A3E8-DE4FCF49EB52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7481433-4DFA-4D32-BA93-FBEAC37D8D67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "85535C0D-C858-4AF8-8350-EFBF74609CBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CC4F979-7F10-4F0D-96AD-5EE88E437897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3B4A35-6019-468E-89FA-BC2EEADB7D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "575CFD4C-90CB-4D38-94F9-3D7915B2F054",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:8.0.0:final:*:*:*:*:*:*",
              "matchCriteriaId": "BE967F52-A9FD-496B-A40A-CEC87E138851",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands in the Top or News module via the lang parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en el mainfile.php del PHP-Nuke 8.0 y versiones anteriores permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n en m\u00f3dulo Top o News mediante el par\u00e1metro lang."
    }
  ],
  "id": "CVE-2007-1450",
  "lastModified": "2024-11-21T00:28:20.457",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-03-14T18:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/462443/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22909"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/462443/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22909"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-10-28 10:30
Modified
2024-11-21 00:52
Severity
HIGH (CVSS v2.0 base score 9.0, AV:N/AC:L/Au:S/C:C/I:C/A:C)
Summary
Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: it is unclear how allowing the upload of .html or .txt files supports arbitrary code execution; this might be legitimate functionality.
Impacted products
Vendor Product Version
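phpnuke php-nuke * (platform only: marked "vulnerable": false in the CPE configuration below; the vulnerable component is the DownloadsPlus module)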
php-nuke downloadsplus_module *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C438592-FF60-49D4-A15D-D1C08BCCCBAA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php-nuke:downloadsplus_module:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "35710335-96F5-46A9-9848-0BE9B7732DDD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.  NOTE: it is unclear how allowing the upload of .html or .txt files supports arbitrary code execution; this might be legitimate functionality."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de subida de fichero sin restricci\u00f3n en el m\u00f3dulo DownloadsPlus en PHP-Nuke, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s la subida de ficheros con la extensi\u00f3n (1) .htm, (2) .html, o (3) .txt y despu\u00e9s accediendo a ellos mediante una petici\u00f3n directa al archivo. NOTA: el origen de esta informaci\u00f3n es desconocido. Los detalles han sido obtenidos de terceros. NOTA: no est\u00e1 claro c\u00f3mo permitiendo la subida de archivos .txt o .html se permite la ejecuci\u00f3n arbitraria de c\u00f3digo; es posible que sea una funcionalidad leg\u00edtima."
    }
  ],
  "id": "CVE-2008-4767",
  "lastModified": "2024-11-21T00:52:30.630",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-10-28T10:30:01.227",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.juniper.net/security/auto/vulnerabilities/vuln28919.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/28919"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42007"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.juniper.net/security/auto/vulnerabilities/vuln28919.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/28919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42007"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:56
Severity
MEDIUM (CVSS v2.0 base score 5.0, AV:N/AC:L/Au:N/C:P/I:N/A:N)
Summary
PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message.
Impacted products
Vendor Product Version
phpnuke php-nuke *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B02489B-CA09-441D-8364-6BD5481CAFAC",
              "versionEndIncluding": "7.6",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message."
    },
    {
      "lang": "es",
      "value": "PHP-Nuke 6.x hasta la versi\u00f3n 7.6 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n directa a (1) index.php con el par\u00e1metro forum_admin establecido, (2) el m\u00f3dulo Surveys o (3) el m\u00f3dulo Your_Account, lo que revela la ruta en un mensaje de error PHP."
    }
  ],
  "id": "CVE-2005-1028",
  "lastModified": "2024-11-20T23:56:26.430",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-05-02T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=111272010303144\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=111272010303144\u0026w=2"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-08-24 10:30
Modified
2024-11-21 00:58
Severity
HIGH (CVSS v2.0 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
SQL injection vulnerability in the My_eGallery module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the gid parameter in a showgall action to modules.php. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect.
Impacted products
Vendor Product Version
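phpnuke php-nuke * (platform only: marked "vulnerable": false in the CPE configuration below; the vulnerable component is the My_eGallery module)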
maxdev my_egallery -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C438592-FF60-49D4-A15D-D1C08BCCCBAA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:maxdev:my_egallery:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1943F997-8B2F-49C9-B6E9-6E5331309853",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in the My_eGallery module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the gid parameter in a showgall action to modules.php.  NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en el m\u00f3dulo My_eGallery para PHP-Nuke, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro gid en una acci\u00f3n showgall sobre modules.php. Nota: este asunto fue revelado por un investigador poco fiable, por lo que la informaci\u00f3n podr\u00eda ser incorrecta."
    }
  ],
  "id": "CVE-2008-7038",
  "lastModified": "2024-11-21T00:58:07.080",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-08-24T10:30:01.890",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://osvdb.org/51021"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/488916/100/100/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/28030"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40910"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/5203"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/5242"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://osvdb.org/51021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/488916/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/28030"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40910"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/5203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/5242"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-03-20 20:19
Modified
2024-11-21 00:28
Severity
MEDIUM (CVSS v2.0 base score 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P)
Summary
The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTP_REFERER, which allows remote attackers to conduct CSRF attacks.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2A43B27-19D2-4118-B80E-8E225C34BFB1",
              "versionEndIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F42BD4C3-71D7-48E2-B3A4-7B1975982D5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDEA81E1-E9E9-45F6-8C61-D496888451E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5E8572B-43BE-4068-929F-2B6FAA9EF959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8882C59-6721-4925-8EB6-1C54455BD03B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C6F6110-F77B-42CE-BAD0-0AEAFC04E982",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "017A5AD3-CD1C-41E0-B53D-3881C31F7463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "68BA9153-537A-4CC5-A3E8-DE4FCF49EB52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7481433-4DFA-4D32-BA93-FBEAC37D8D67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "85535C0D-C858-4AF8-8350-EFBF74609CBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CC4F979-7F10-4F0D-96AD-5EE88E437897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3B4A35-6019-468E-89FA-BC2EEADB7D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "575CFD4C-90CB-4D38-94F9-3D7915B2F054",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTP_REFERER, which allows remote attackers to conduct CSRF attacks."
    },
    {
      "lang": "es",
      "value": "La protecci\u00f3n de cross-site request forgery (CSRF) en PHP-Nuke versi\u00f3n 8.0 y anteriores, no garantiza que la superglobal SERVER sea una matriz antes de validar la HTTP_REFERER, que permite a los atacantes remotos realizar ataques CSRF."
    }
  ],
  "id": "CVE-2007-1520",
  "lastModified": "2024-11-21T00:28:31.073",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-03-20T20:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/34501"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "URL Repurposed"
      ],
      "url": "http://phpfi.com/214668"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24629"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/462308/100/100/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/462575/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/462727/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.ush.it/2007/03/09/php-nuke-wild-post-xss/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.wisec.it/ush/phpnukexss.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/34501"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "URL Repurposed"
      ],
      "url": "http://phpfi.com/214668"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24629"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/462308/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/462575/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/462727/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.ush.it/2007/03/09/php-nuke-wild-post-xss/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.wisec.it/ush/phpnukexss.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-10-26 16:07
Modified
2024-11-21 00:19
Severity
MEDIUM (CVSS v2.0 base score 5.1, AV:N/AC:H/Au:N/C:P/I:P/A:P)
Summary
Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via (1) "/**/UNION " or (2) " UNION/**/" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a search action in the Encyclopedia module in modules.php.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BC56275-9F65-43B6-A091-68FB42968C2C",
              "versionEndIncluding": "7.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5E8572B-43BE-4068-929F-2B6FAA9EF959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8882C59-6721-4925-8EB6-1C54455BD03B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C6F6110-F77B-42CE-BAD0-0AEAFC04E982",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "017A5AD3-CD1C-41E0-B53D-3881C31F7463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "68BA9153-537A-4CC5-A3E8-DE4FCF49EB52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7481433-4DFA-4D32-BA93-FBEAC37D8D67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "85535C0D-C858-4AF8-8350-EFBF74609CBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CC4F979-7F10-4F0D-96AD-5EE88E437897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3B4A35-6019-468E-89FA-BC2EEADB7D31",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via (1) \"/**/UNION \" or (2) \" UNION/**/\" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a search action in the Encyclopedia module in modules.php."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de lista negra incompleta en mainfile.php en PHP-Nuke 7.9 y anteriores permite a un atacante remoto llevar a cabo un ataque de inyecci\u00f3n SQL a trav\u00e9s de las secuencias (1) \"/**/UNION \" o (2) \" UNION/**/\", las cuales no son rechazadas por el mecanismo de protecci\u00f3n, como se demostr\u00f3 por la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro eid en una acci\u00f3n de b\u00fasqueda en el m\u00f3dulo Encyclopedia en modules.php."
    }
  ],
  "id": "CVE-2006-5525",
  "lastModified": "2024-11-21T00:19:35.197",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-10-26T16:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22511"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.neosecurityteam.net/index.php?action=advisories\u0026id=27"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/20674"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/4149"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29705"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/2617"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22511"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.neosecurityteam.net/index.php?action=advisories\u0026id=27"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/20674"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/4149"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29705"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/2617"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-10-31 18:09
Modified
2024-11-21 00:52
Severity
HIGH (CVSS v2.0 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
SQL injection vulnerability in the Gallery module 1.3 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the aid parameter in a showalbum action to index.php. NOTE: some of these details are obtained from third party information. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.
Impacted products
Vendor Product Version
nukedgallery gallery *
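phpnuke php-nuke * (platform only: marked "vulnerable": false in the CPE configuration below; the vulnerable component is the Gallery module)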



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nukedgallery:gallery:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "834A650B-DD21-4425-995F-C32BD8B5441D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C438592-FF60-49D4-A15D-D1C08BCCCBAA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in the Gallery module 1.3 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the aid parameter in a showalbum action to index.php.  NOTE: some of these details are obtained from third party information.  NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en el m\u00f3dulo Gallery 1.3 para PHP-Nuke permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante el par\u00e1metro aid en una acci\u00f3n showalbum a index.php. NOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros. NOTA: este problema fue descubierto por un investigador poco fidedigno, por lo que podr\u00eda ser incorrecto."
    }
  ],
  "id": "CVE-2008-4804",
  "lastModified": "2024-11-21T00:52:36.543",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-10-31T18:09:07.773",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0395.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/27957"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41006"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0395.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/27957"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41006"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-09-24 00:55
Modified
2024-11-21 01:31
Severity
MEDIUM (CVSS v2.0 base score 5.0, AV:N/AC:L/Au:N/C:P/I:N/A:N)
Summary
Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files.
Impacted products
Vendor Product Version
phpnuke php-nuke 8.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4DB1D99-9F35-43A2-AD72-4B495B5F31BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files."
    },
    {
      "lang": "es",
      "value": "Francisco Burzi PHP-Nuke v8.0 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n directa a un archivo .php, lo que revela la ruta de instalaci\u00f3n en un mensaje de error, como se demostr\u00f3 con themes/Odyssey/theme.php y algunos otros archivos."
    }
  ],
  "id": "CVE-2011-3784",
  "lastModified": "2024-11-21T01:31:15.417",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-09-24T00:55:02.597",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PHP-Nuke-8.0"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PHP-Nuke-8.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-11-12 21:09
Modified
2024-11-21 00:53
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the League module for PHP-Nuke, possibly 2.4, allows remote attackers to inject arbitrary web script or HTML via the tid parameter in a team action to modules.php.
Impacted products
Vendor Product Version
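phpnuke php-nuke * (host platform only; the configuration below marks this CPE "vulnerable": false and ANDs it with the League module entries)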
php-nuke league_module *
php-nuke league_module 2.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C438592-FF60-49D4-A15D-D1C08BCCCBAA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php-nuke:league_module:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAB44059-2559-4B19-9DC5-F212751A4EB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php-nuke:league_module:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C234BB85-83D0-4F67-8161-EC58D5D668CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the League module for PHP-Nuke, possibly 2.4, allows remote attackers to inject arbitrary web script or HTML via the tid parameter in a team action to modules.php."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos de sitios cruzados (XSS) en el m\u00f3dulo League para PHP-Nuke, puede que en v2.4; permite a atacantes remotos inyectar secuencias de comandos Web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro tid en una acci\u00f3n de equipo en modules.php."
    }
  ],
  "id": "CVE-2008-5039",
  "lastModified": "2024-11-21T00:53:08.700",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-11-12T21:09:03.067",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/4575"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/497855/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/31952"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46154"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/4575"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/497855/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/31952"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46154"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-09-14 14:30
Modified
2024-11-21 00:58
Severity ?
Summary
SQL injection vulnerability in index.php in the Recipes module 1.3, 1.4, and possibly other versions for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the recipeid parameter.
Impacted products
Vendor Product Version
php-nuke recipe_module 1.3
php-nuke recipe_module 1.4
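phpnuke php-nuke * (host platform only; the configuration below marks this CPE "vulnerable": false and ANDs it with the Recipes module entries)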



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php-nuke:recipe_module:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9007E193-0071-468F-B8C6-426B96A56FA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php-nuke:recipe_module:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A3EB265-421E-40E4-A55B-CFE4DC27F6C7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C438592-FF60-49D4-A15D-D1C08BCCCBAA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in index.php in the Recipes module 1.3, 1.4, and possibly other versions for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the recipeid parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en index.php en el m\u00f3dulo Recipes v1.3, v1.4, y posiblemente otras versiones para PHP Nuke, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"recipeid\"."
    }
  ],
  "id": "CVE-2008-7226",
  "lastModified": "2024-11-21T00:58:35.537",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-09-14T14:30:00.343",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/52224"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/488649/100/100/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/27955"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40807"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/52224"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/488649/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/27955"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40807"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-06-21 02:52
Modified
2024-11-21 01:26
Severity ?
Summary
SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2A43B27-19D2-4118-B80E-8E225C34BFB1",
              "versionEndIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CA1307E-34B7-4BC1-BBA8-59347330B714",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BE7B61B-172B-499A-B7E9-BA6EF4BEADCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BF21F07-5A08-45BE-BB72-4B48017B76FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4065BB3-A189-4D68-A514-7160C532629A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D18BDCD3-C7E8-4D73-BA36-3A4D245DBE05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "31A013B9-9A29-4CBE-A6AE-DC83F34BB367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2831357B-2252-458A-9ED9-40AE0831FE93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FDA9804-C61A-4172-B3B3-B2E8AC0D4B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F42BD4C3-71D7-48E2-B3A4-7B1975982D5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "34D84C9E-B703-4285-BE2E-CBF17BA28C02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDEA81E1-E9E9-45F6-8C61-D496888451E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2D294C7-FBE3-4D3A-A497-29C3EF6615DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "99F22ADA-E201-44CE-8EE9-FEB4170E16C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D714A77C-1771-4648-A68C-D34477B57AD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A365BB29-7E19-42E6-AA70-7951F939C92E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5E8572B-43BE-4068-929F-2B6FAA9EF959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8882C59-6721-4925-8EB6-1C54455BD03B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C6F6110-F77B-42CE-BAD0-0AEAFC04E982",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "017A5AD3-CD1C-41E0-B53D-3881C31F7463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "68BA9153-537A-4CC5-A3E8-DE4FCF49EB52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7481433-4DFA-4D32-BA93-FBEAC37D8D67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "85535C0D-C858-4AF8-8350-EFBF74609CBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CC4F979-7F10-4F0D-96AD-5EE88E437897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3B4A35-6019-468E-89FA-BC2EEADB7D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "575CFD4C-90CB-4D38-94F9-3D7915B2F054",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en admin.php en la zona de administraci\u00f3n de Francisco Burzi PHP-Nuke v8.0 y anteriores, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro chng_uid.\r\n"
    }
  ],
  "id": "CVE-2011-1480",
  "lastModified": "2024-11-21T01:26:24.733",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-06-21T02:52:42.513",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/03/23/7"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/03/30/6"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_sql_injection"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/03/23/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/03/30/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_sql_injection"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:51
Summary
Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php.
Impacted products
Vendor Product Version
phpnuke php-nuke * (6.0 through 7.1, per versionStartIncluding/versionEndIncluding in the configuration below)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "275B70ED-0416-40AC-B06F-9FF91FE14BB8",
              "versionEndIncluding": "7.1",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php."
    }
  ],
  "id": "CVE-2004-1842",
  "lastModified": "2024-11-20T23:51:52.420",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=108006309112075\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/11195"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/9895"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15596"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=108006309112075\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/11195"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/9895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15596"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2024-11-20 23:46
Severity ?
Summary
Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279.
Impacted products
Vendor Product Version
phpnuke php-nuke 5.6
phpnuke php-nuke 6.5



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F42BD4C3-71D7-48E2-B3A4-7B1975982D5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDEA81E1-E9E9-45F6-8C61-D496888451E3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279."
    }
  ],
  "id": "CVE-2003-1340",
  "lastModified": "2024-11-20T23:46:54.673",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://securityreason.com/securityalert/3185"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/323425"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/480866/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://securityreason.com/securityalert/3185"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/323425"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/480866/100/0/threaded"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-03-12 17:44
Modified
2024-11-21 00:44
Severity ?
Summary
SQL injection vulnerability in the Johannes Hass gaestebuch 2.2 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to modules.php.
Impacted products
Vendor Product Version
johannes_hass gaestebuch_module 2.2
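phpnuke php-nuke * (host platform only; the configuration below marks this CPE "vulnerable": false and ANDs it with the gaestebuch module entry)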



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:johannes_hass:gaestebuch_module:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB58F721-7C1D-4C30-82EE-67828CA9D5EB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C438592-FF60-49D4-A15D-D1C08BCCCBAA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in the Johannes Hass gaestebuch 2.2 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to modules.php."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en el m\u00f3dulo Johannes Hass gaestebuch 2.2 para PHP-Nuke permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro id en una acci\u00f3n edit a modules.php."
    }
  ],
  "id": "CVE-2008-1314",
  "lastModified": "2024-11-21T00:44:14.747",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-03-12T17:44:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://cod3rz.helloweb.eu/exploits/gaestebuch.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=120440053123054\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/28063"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40975"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://cod3rz.helloweb.eu/exploits/gaestebuch.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=120440053123054\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/28063"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40975"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-03-12 17:44
Modified
2024-11-21 00:44
Severity ?
Summary
SQL injection vulnerability in the Sudirman Angriawan NukeC30 3.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action to modules.php.
Impacted products
Vendor Product Version
phpnuke php-nuke *
sudirman_angriawan nukec30 3.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C438592-FF60-49D4-A15D-D1C08BCCCBAA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sudirman_angriawan:nukec30:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A6F94D4-0E32-4169-8726-CE0EF8DDC163",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in the Sudirman Angriawan NukeC30 3.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action to modules.php."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en el m\u00f3dulo Sudirman Angriawan NukeC30 3.0 para PHP-Nuke permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro id_catg en una acci\u00f3n ViewCatg a modules.php."
    }
  ],
  "id": "CVE-2008-1308",
  "lastModified": "2024-11-21T00:44:13.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-03-12T17:44:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://securityreason.com/securityalert/3733"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/489387/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/28197"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://securityreason.com/securityalert/3733"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/489387/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/28197"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-06-21 02:52
Modified
2024-11-21 01:26
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sender_name or (2) sender_email parameter in a Feedback action to modules.php.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2A43B27-19D2-4118-B80E-8E225C34BFB1",
              "versionEndIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CA1307E-34B7-4BC1-BBA8-59347330B714",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BE7B61B-172B-499A-B7E9-BA6EF4BEADCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BF21F07-5A08-45BE-BB72-4B48017B76FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4065BB3-A189-4D68-A514-7160C532629A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D18BDCD3-C7E8-4D73-BA36-3A4D245DBE05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "31A013B9-9A29-4CBE-A6AE-DC83F34BB367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2831357B-2252-458A-9ED9-40AE0831FE93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FDA9804-C61A-4172-B3B3-B2E8AC0D4B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F42BD4C3-71D7-48E2-B3A4-7B1975982D5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "34D84C9E-B703-4285-BE2E-CBF17BA28C02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDEA81E1-E9E9-45F6-8C61-D496888451E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2D294C7-FBE3-4D3A-A497-29C3EF6615DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "99F22ADA-E201-44CE-8EE9-FEB4170E16C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D714A77C-1771-4648-A68C-D34477B57AD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A365BB29-7E19-42E6-AA70-7951F939C92E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5E8572B-43BE-4068-929F-2B6FAA9EF959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8882C59-6721-4925-8EB6-1C54455BD03B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C6F6110-F77B-42CE-BAD0-0AEAFC04E982",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "017A5AD3-CD1C-41E0-B53D-3881C31F7463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "68BA9153-537A-4CC5-A3E8-DE4FCF49EB52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7481433-4DFA-4D32-BA93-FBEAC37D8D67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "85535C0D-C858-4AF8-8350-EFBF74609CBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CC4F979-7F10-4F0D-96AD-5EE88E437897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3B4A35-6019-468E-89FA-BC2EEADB7D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "575CFD4C-90CB-4D38-94F9-3D7915B2F054",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sender_name or (2) sender_email parameter in a Feedback action to modules.php."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Francisco Burzi PHP-Nuke v8.0 y anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro (1) sender_name o (2) sender_email en la acci\u00f3n Feedback en modules.php.\r\n"
    }
  ],
  "id": "CVE-2011-1481",
  "lastModified": "2024-11-21T01:26:24.843",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-06-21T02:52:42.547",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/03/23/8"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/03/30/7"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_cross_site_scripting"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/03/23/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/03/30/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_cross_site_scripting"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-10-25 10:07
Modified
2024-11-21 00:19
Severity ?
Summary
Multiple PHP remote file inclusion vulnerabilities in modules/My_eGallery/public/displayCategory.php in the pandaBB module for PHP-Nuke allow remote attackers to execute arbitrary PHP code via a URL in the (1) adminpath or (2) basepath parameters. NOTE: this issue might overlap CVE-2006-6795.
Impacted products
Vendor Product Version
phpnuke php-nuke 8.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4DB1D99-9F35-43A2-AD72-4B495B5F31BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple PHP remote file inclusion vulnerabilities in modules/My_eGallery/public/displayCategory.php in the pandaBB module for PHP-Nuke allow remote attackers to execute arbitrary PHP code via a URL in the (1) adminpath or (2) basepath parameters.  NOTE: this issue might overlap CVE-2006-6795."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de inclusi\u00f3n remota de archivos de PHP en modules/My_eGallery/public/displayCategory.php en el m\u00f3dulo pandaBB para PHP-Nuke permite a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n a trav\u00e9s de una URL en los par\u00e1metros (1) adminpath o (2) basepath."
    }
  ],
  "id": "CVE-2006-5494",
  "lastModified": "2024-11-21T00:19:27.343",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-10-25T10:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22505"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/29892"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/20633"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/4121"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29694"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/2599"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22505"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/29892"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/20633"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/4121"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/2599"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-04-30 01:07
Modified
2024-11-21 00:45
Summary
The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:e107:e107:0.7.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C62F8AD-EA30-441E-B97F-EF8DE640DC1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:labgab:labgab:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3310461-272D-43C7-A8AA-589A7254FEF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:my123tkshop:e-commerce-suite:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADC59E14-E4F7-4E9F-BE4E-98CD5797B45E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opendb:opendb:1.5.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "0D1D7CD9-80EA-4D43-AB3A-BF833DB9F144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmybittorrent:phpmybittorrent:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "20B593A2-9634-4AA0-8D63-CECA6391BEED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5E8572B-43BE-4068-929F-2B6FAA9EF959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8442671-45B5-48F6-905F-41A8FD3BF301",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:torrentflux_project:torrentflux:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8B86EC9-2E6B-4BDE-B131-8BD82500D041",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webze:webze:0.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AA1E599-AC63-40AA-A3B9-6585CDABFFE1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n CAPTCHA como se utiliza en (1) Francisco Burzi PHP-Nuke 7.0 y 8.1, (2) my123tkShop e-Commerce-Suite (tambi\u00e9n conocido como 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (tambi\u00e9n conocido como OpenDb) 1.5.0b4, y (8) Labgab 1.1; utiliza una imagen de fondo code_bg.jpg y la funci\u00f3n de PHP ImageString de una forma que no produce un n\u00famero suficiente de im\u00e1genes diferentes; esto permite a atacantes remotos pasar el test CAPTCHA mediante un ataque autom\u00e1tico utilizando una tabla con todas las sumas de validaci\u00f3n (checksum) de im\u00e1genes posibles y sus cadenas de d\u00edgitos correspondientes."
    }
  ],
  "id": "CVE-2008-2020",
  "lastModified": "2024-11-21T00:45:54.230",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2008-04-30T01:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://securityreason.com/securityalert/3834"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.rooksecurity.com/blog/?p=6"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/491127/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/28877"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42152"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://securityreason.com/securityalert/3834"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.rooksecurity.com/blog/?p=6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/491127/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/28877"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42152"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-330"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-05-01 17:30
Modified
2024-11-21 00:57
Severity ?
Summary
SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a showcontent action to modules.php.
Impacted products
Vendor Product Version
phpnuke php-nuke *
phpnuke sarkilar_module *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C438592-FF60-49D4-A15D-D1C08BCCCBAA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpnuke:sarkilar_module:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "283957F8-C91F-4F37-82D1-A388CA57039C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a showcontent action to modules.php."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en el m\u00f3dulo Sarkilar para PHP-Nuke permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s del par\u00e1metro id en una acci\u00f3n showcontent (muestra contenido) a modules.php."
    }
  ],
  "id": "CVE-2008-6779",
  "lastModified": "2024-11-21T00:57:26.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-05-01T17:30:00.250",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.org/0810-exploits/phpnukesarkilar-sql.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/31830"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45992"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.org/0810-exploits/phpnukesarkilar-sql.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/31830"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45992"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-06-21 02:52
Modified
2024-11-21 01:26
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a Referer check that uses a substring comparison.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2A43B27-19D2-4118-B80E-8E225C34BFB1",
              "versionEndIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CA1307E-34B7-4BC1-BBA8-59347330B714",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BE7B61B-172B-499A-B7E9-BA6EF4BEADCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BF21F07-5A08-45BE-BB72-4B48017B76FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4065BB3-A189-4D68-A514-7160C532629A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D18BDCD3-C7E8-4D73-BA36-3A4D245DBE05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "31A013B9-9A29-4CBE-A6AE-DC83F34BB367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2831357B-2252-458A-9ED9-40AE0831FE93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FDA9804-C61A-4172-B3B3-B2E8AC0D4B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F42BD4C3-71D7-48E2-B3A4-7B1975982D5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "34D84C9E-B703-4285-BE2E-CBF17BA28C02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDEA81E1-E9E9-45F6-8C61-D496888451E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2D294C7-FBE3-4D3A-A497-29C3EF6615DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "99F22ADA-E201-44CE-8EE9-FEB4170E16C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D714A77C-1771-4648-A68C-D34477B57AD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A365BB29-7E19-42E6-AA70-7951F939C92E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5E8572B-43BE-4068-929F-2B6FAA9EF959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8882C59-6721-4925-8EB6-1C54455BD03B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C6F6110-F77B-42CE-BAD0-0AEAFC04E982",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "017A5AD3-CD1C-41E0-B53D-3881C31F7463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "68BA9153-537A-4CC5-A3E8-DE4FCF49EB52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7481433-4DFA-4D32-BA93-FBEAC37D8D67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "85535C0D-C858-4AF8-8350-EFBF74609CBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CC4F979-7F10-4F0D-96AD-5EE88E437897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3B4A35-6019-468E-89FA-BC2EEADB7D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "575CFD4C-90CB-4D38-94F9-3D7915B2F054",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a Referer check that uses a substring comparison."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en mainfile.php en Francisco Burzi PHP-Nuke v8.0 , permite a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores para (1)agregar cuentas de usuario o (2) la concesi\u00f3n de privilegios de administrador a una cuenta de usuario, relacionado con una comprobaci\u00f3n de Referer que utiliza una comparaci\u00f3n de subcadenas. .\r\n"
    }
  ],
  "id": "CVE-2011-1482",
  "lastModified": "2024-11-21T01:26:24.960",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-06-21T02:52:42.593",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/03/23/9"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/03/30/8"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_cross_site_request_forgery"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/03/23/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/03/30/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_cross_site_request_forgery"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-06-02 14:55
Modified
2024-11-21 02:09
Severity ?
Summary
SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php.
Impacted products
Vendor Product Version
phpnuke php-nuke 8.3
phpnuke submit_news_module -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D174CC8-E370-4CE7-ABCF-E6D1EAF8F261",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:submit_news_module:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "77AA5278-4420-4255-8084-B9D5502306A6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en el m\u00f3dulo Submit_News para PHP-Nuke 8.3 permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro topics[] hacia modules.php."
    }
  ],
  "id": "CVE-2014-3934",
  "lastModified": "2024-11-21T02:09:09.800",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-06-02T14:55:04.043",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/126803/phpnuke83news-sql.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/67656"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/126803/phpnuke83news-sql.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/67656"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2001-11-16 05:00
Modified
2024-11-20 23:36
Severity ?
Summary
Network Tools 0.2 for PHP-Nuke allows remote attackers to execute commands on the server via shell metacharacters in the $hostinput variable.
Impacted products
Vendor Product Version
phpnuke php-nuke *
rick_fournier network_tools 0.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C438592-FF60-49D4-A15D-D1C08BCCCBAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rick_fournier:network_tools:0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4BEC6B3-7764-49FC-9B75-D44778625716",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Network Tools 0.2 for PHP-Nuke allows remote attackers to execute commands on the server via shell metacharacters in the $hostinput variable."
    }
  ],
  "id": "CVE-2001-0899",
  "lastModified": "2024-11-20T23:36:23.493",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2001-11-16T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=100593523104176\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://phpnukerz.org/modules.php?name=Downloads\u0026d_op=viewsdownload\u0026sid=32"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7578"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=100593523104176\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://phpnukerz.org/modules.php?name=Downloads\u0026d_op=viewsdownload\u0026sid=32"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7578"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-08-08 02:17
Modified
2024-11-21 00:35
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Search Module in PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via a trailing "<" instead of a ">" in (1) the onerror attribute of an IMG element, (2) the onload attribute of an IFRAME element, or (3) redirect users to other sites via the META tag.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5E8572B-43BE-4068-929F-2B6FAA9EF959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8882C59-6721-4925-8EB6-1C54455BD03B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C6F6110-F77B-42CE-BAD0-0AEAFC04E982",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "017A5AD3-CD1C-41E0-B53D-3881C31F7463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "68BA9153-537A-4CC5-A3E8-DE4FCF49EB52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7481433-4DFA-4D32-BA93-FBEAC37D8D67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "85535C0D-C858-4AF8-8350-EFBF74609CBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CC4F979-7F10-4F0D-96AD-5EE88E437897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3B4A35-6019-468E-89FA-BC2EEADB7D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "575CFD4C-90CB-4D38-94F9-3D7915B2F054",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4DB1D99-9F35-43A2-AD72-4B495B5F31BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Search Module in PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via a trailing \"\u003c\" instead of a \"\u003e\" in (1) the onerror attribute of an IMG element, (2) the onload attribute of an IFRAME element, or (3) redirect users to other sites via the META tag."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el M\u00f3dulo de b\u00fasqueda de PHP-Nuke permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante un \"\u003c\" en vez de \"\u003e\" al final de (1) el atribugo onerror de un elemento IMG, (2) el atributo onload de un elemento IFRAME, o (3) redireccionar usuarios a otros sitios mediante la etiqueta META."
    }
  ],
  "id": "CVE-2007-4212",
  "lastModified": "2024-11-21T00:35:03.397",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-08-08T02:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/42538"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/2974"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/475249/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/25171"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/42538"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2974"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/475249/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25171"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-04-07 11:15
Modified
2024-11-21 06:03
Severity ?
Summary
There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE.
Impacted products
Vendor Product Version
phpnuke php-nuke 8.3.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:8.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8792184-8092-4443-B532-DA3D7139A942",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de inyecci\u00f3n SQL en PHP-Nuke versi\u00f3n 8.3.3, en la secci\u00f3n User Registration, que conlleva a una ejecuci\u00f3n de c\u00f3digo remota.\u0026#xa0;Esto ocurre porque el estado de U.S. no est\u00e1 comprobado para tener dos letras y el campo OrderBy no est\u00e1 comprobado para ser uno de LASTNAME, CITY, o STATE"
    }
  ],
  "id": "CVE-2021-30177",
  "lastModified": "2024-11-21T06:03:27.930",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-07T11:15:12.293",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://gist.github.com/stacksmasher007/41e946fc9a5a2f0b6950626cc9d43d47"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://gist.github.com/stacksmasher007/41e946fc9a5a2f0b6950626cc9d43d47"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-06-01 14:30
Modified
2024-11-21 01:03
Severity ?
Summary
SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header.
Impacted products
Vendor Product Version
phpnuke php-nuke 8.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpnuke:php-nuke:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4DB1D99-9F35-43A2-AD72-4B495B5F31BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en main/tracking/userLog.php en Francisco Burzi PHP-Nuke v8.0 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante la cabecera \"HTTP Referer\"."
    }
  ],
  "id": "CVE-2009-1842",
  "lastModified": "2024-11-21T01:03:30.650",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-06-01T14:30:00.280",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/35117"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50818"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/35117"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50818"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

var-200505-1008
Vulnerability from variot

PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message. PHP-Nuke is prone to an information disclosure vulnerability.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200505-1008",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php-nuke",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "phpnuke",
        "version": "6.0"
      },
      {
        "model": "php-nuke",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "phpnuke",
        "version": "7.6"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "francisco burzi",
        "version": "6.7"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "francisco burzi",
        "version": "6.9"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "francisco burzi",
        "version": "7.4"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "francisco burzi",
        "version": "6.6"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "francisco burzi",
        "version": "6.5_rc2"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "francisco burzi",
        "version": "6.5_rc3"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "francisco burzi",
        "version": "6.5_rc1"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "francisco burzi",
        "version": "6.5_beta1"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "francisco burzi",
        "version": "7.6"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "francisco burzi",
        "version": "6.5_final"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.6"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.5"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.4"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.3"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.2"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.1"
      },
      {
        "model": "burzi php-nuke final",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.0"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.0"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.9"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.7"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.6"
      },
      {
        "model": "burzi php-nuke rc3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke final",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "90112"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1028"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-172"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.6",
                "versionStartIncluding": "6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-1028"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "90112"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2005-1028",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-12237",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2005-1028",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200505-172",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-12237",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-12237"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1028"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-172"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message. PHP-Nuke is prone to an information disclosure vulnerability.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-1028"
      },
      {
        "db": "BID",
        "id": "90112"
      },
      {
        "db": "VULHUB",
        "id": "VHN-12237"
      }
    ],
    "trust": 1.26
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2005-1028",
        "trust": 2.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-172",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "90112",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-12237",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-12237"
      },
      {
        "db": "BID",
        "id": "90112"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1028"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-172"
      }
    ]
  },
  "id": "VAR-200505-1008",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-12237"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:40:23.269000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-12237"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1028"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=111272010303144\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=111272010303144\u0026w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=111272010303144\u0026amp;w=2"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-12237"
      },
      {
        "db": "BID",
        "id": "90112"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1028"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-172"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-12237"
      },
      {
        "db": "BID",
        "id": "90112"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1028"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-172"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-05-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-12237"
      },
      {
        "date": "2005-05-02T00:00:00",
        "db": "BID",
        "id": "90112"
      },
      {
        "date": "2005-05-02T04:00:00",
        "db": "NVD",
        "id": "CVE-2005-1028"
      },
      {
        "date": "2005-05-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200505-172"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-12237"
      },
      {
        "date": "2005-05-02T00:00:00",
        "db": "BID",
        "id": "90112"
      },
      {
        "date": "2019-07-16T12:20:01.417000",
        "db": "NVD",
        "id": "CVE-2005-1028"
      },
      {
        "date": "2019-07-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200505-172"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-172"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP-Nuke Security hole",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-172"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-172"
      }
    ],
    "trust": 0.6
  }
}

var-200412-1226
Vulnerability from variot

Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php. It has been reported that PHP-Nuke is prone to a remote admin command execution vulnerability. This issue is due to a design error that allows an attacker to specify arbitrary URI values in bbCode tags contained within posts. This issue may be leveraged to force an admin user viewing a malicious post to perform some query to the affected application, such as adding a user or removing arbitrary data from the database; the "commands" referred to here are therefore application requests made with the viewing administrator's privileges, which is why the issue is classified as CSRF. PHP-Nuke is a popular website creation and management tool that can use many database systems as a backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. There is a design error in PHP-Nuke's handling of the bbCode tag in POST, which can be exploited by remote attackers to execute remote management commands. PHP-Nuke uses bbCode tags to support images, HTML, etc., but the processing of any Image tags specified by users is incorrect, which can lead to the execution of arbitrary remote commands; for example, attackers can submit malicious POST requests to add or delete users from the database.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200412-1226",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php-nuke",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "phpnuke",
        "version": "6.0"
      },
      {
        "model": "php-nuke",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "phpnuke",
        "version": "7.1"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "francisco burzi",
        "version": "6.7"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "francisco burzi",
        "version": "6.9"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "francisco burzi",
        "version": "7.0"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "francisco burzi",
        "version": "6.6"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "francisco burzi",
        "version": "6.5_rc2"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "francisco burzi",
        "version": "6.5_rc3"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "francisco burzi",
        "version": "6.5_rc1"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "francisco burzi",
        "version": "7.1"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "francisco burzi",
        "version": "6.5_final"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "francisco burzi",
        "version": "7.0_final"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.1"
      },
      {
        "model": "burzi php-nuke final",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.0"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.0"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.9"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.7"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.6"
      },
      {
        "model": "burzi php-nuke rc3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke final",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.51"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "9895"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-738"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1842"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.1",
                "versionStartIncluding": "6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-1842"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Janek Vind\u203b come2waraxe@yahoo.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-738"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2004-1842",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-10271",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2004-1842",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2004-1842",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200412-738",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-10271",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2004-1842",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-10271"
      },
      {
        "db": "VULMON",
        "id": "CVE-2004-1842"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-738"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1842"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php. It has been reported that PHP-Nuke is prone to a remote admin command execution vulnerability.  This issue is due to a design error that allows an attacker to specify arbitrary URI values in bbCode tags contained within posts. \nThis issue may be leveraged to force an admin user viewing a malicious post to perform some query to the affected application, such as adding a user or removing arbitrary data from the database. PHP-Nuke is a popular website creation and management tool that can use many database systems as a backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. There is a design error in PHP-Nuke\u0027s handling of the bbCode tag in POST, which can be exploited by remote attackers to execute remote management commands. PHP-Nuke uses bbCode tags to support images, HTML, etc., but the processing of any Image tags specified by users is incorrect, which can lead to the execution of arbitrary remote commands; for example, attackers can submit malicious POST requests to add or delete users from the database.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-1842"
      },
      {
        "db": "BID",
        "id": "9895"
      },
      {
        "db": "VULHUB",
        "id": "VHN-10271"
      },
      {
        "db": "VULMON",
        "id": "CVE-2004-1842"
      }
    ],
    "trust": 1.35
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-10271",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=23835",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-10271"
      },
      {
        "db": "VULMON",
        "id": "CVE-2004-1842"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "9895",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "11195",
        "trust": 1.8
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1842",
        "trust": 1.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-738",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "15596",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "6194",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20040322 [WARAXE-2004-SA#008 - EASY WAY TO GET SUPERADMIN RIGHTS IN PHPNUKE 6.X-7.1.0]",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "23835",
        "trust": 0.2
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-77580",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-10271",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2004-1842",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-10271"
      },
      {
        "db": "VULMON",
        "id": "CVE-2004-1842"
      },
      {
        "db": "BID",
        "id": "9895"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-738"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1842"
      }
    ]
  },
  "id": "VAR-200412-1226",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-10271"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-02-09T22:39:13.083000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/faizhaffizudin/case-study-hamsa "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2004-1842"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-1842"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/9895"
      },
      {
        "trust": 1.8,
        "url": "http://secunia.com/advisories/11195"
      },
      {
        "trust": 1.2,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15596"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=108006309112075\u0026w=2"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/15596"
      },
      {
        "trust": 0.6,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=108006309112075\u0026w=2"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/6194"
      },
      {
        "trust": 0.3,
        "url": "http://www.irannuke.com/"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=108006309112075\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/exploits/23835/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-10271"
      },
      {
        "db": "VULMON",
        "id": "CVE-2004-1842"
      },
      {
        "db": "BID",
        "id": "9895"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-738"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1842"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-10271"
      },
      {
        "db": "VULMON",
        "id": "CVE-2004-1842"
      },
      {
        "db": "BID",
        "id": "9895"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-738"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1842"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-12-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-10271"
      },
      {
        "date": "2004-12-31T00:00:00",
        "db": "VULMON",
        "id": "CVE-2004-1842"
      },
      {
        "date": "2004-03-16T00:00:00",
        "db": "BID",
        "id": "9895"
      },
      {
        "date": "2004-03-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200412-738"
      },
      {
        "date": "2004-12-31T05:00:00",
        "db": "NVD",
        "id": "CVE-2004-1842"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-10271"
      },
      {
        "date": "2017-07-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2004-1842"
      },
      {
        "date": "2004-03-16T00:00:00",
        "db": "BID",
        "id": "9895"
      },
      {
        "date": "2005-10-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200412-738"
      },
      {
        "date": "2024-02-08T20:46:14.233000",
        "db": "NVD",
        "id": "CVE-2004-1842"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-738"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP-Nuke Image Tag management command execution vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-738"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-738"
      }
    ],
    "trust": 0.6
  }
}