cvelistv5 - cve-2005-3304

cve-2005-3304

Vulnerability from cvelistv5

Published

2005-10-25 04:00

Modified

2024-08-07 23:10

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://marc.info/?l=bugtraq&m=113017049702436&w=2
cve@mitre.org	http://rgod.altervista.org/phpnuke78sql.html	Exploit, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/17315/	Vendor Advisory
cve@mitre.org	http://www.osvdb.org/20291
cve@mitre.org	http://www.osvdb.org/20292
cve@mitre.org	http://www.osvdb.org/20293
cve@mitre.org	http://www.securityfocus.com/bid/15178
cve@mitre.org	http://www.vupen.com/english/advisories/2005/2191
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/22851
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=113017049702436&w=2
af854a3a-2127-422b-91ae-364da2661108	http://rgod.altervista.org/phpnuke78sql.html	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/17315/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/20291
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/20292
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/20293
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/15178
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2005/2191
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/22851

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:10:08.528Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://rgod.altervista.org/phpnuke78sql.html"
          },
          {
            "name": "phpnuke-multiple-modules-sql-injection(22851)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22851"
          },
          {
            "name": "15178",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15178"
          },
          {
            "name": "20051023 PhpNuke 7.8 with all security fixes/patches \"Your_Account\",",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=113017049702436\u0026w=2"
          },
          {
            "name": "20293",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/20293"
          },
          {
            "name": "17315",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17315/"
          },
          {
            "name": "20292",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/20292"
          },
          {
            "name": "ADV-2005-2191",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/2191"
          },
          {
            "name": "20291",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/20291"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-10-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the Web_Links module."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://rgod.altervista.org/phpnuke78sql.html"
        },
        {
          "name": "phpnuke-multiple-modules-sql-injection(22851)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22851"
        },
        {
          "name": "15178",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15178"
        },
        {
          "name": "20051023 PhpNuke 7.8 with all security fixes/patches \"Your_Account\",",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=113017049702436\u0026w=2"
        },
        {
          "name": "20293",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/20293"
        },
        {
          "name": "17315",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17315/"
        },
        {
          "name": "20292",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/20292"
        },
        {
          "name": "ADV-2005-2191",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/2191"
        },
        {
          "name": "20291",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/20291"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3304",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the Web_Links module."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://rgod.altervista.org/phpnuke78sql.html",
              "refsource": "MISC",
              "url": "http://rgod.altervista.org/phpnuke78sql.html"
            },
            {
              "name": "phpnuke-multiple-modules-sql-injection(22851)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22851"
            },
            {
              "name": "15178",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15178"
            },
            {
              "name": "20051023 PhpNuke 7.8 with all security fixes/patches \"Your_Account\",",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=113017049702436\u0026w=2"
            },
            {
              "name": "20293",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/20293"
            },
            {
              "name": "17315",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17315/"
            },
            {
              "name": "20292",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/20292"
            },
            {
              "name": "ADV-2005-2191",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2005/2191"
            },
            {
              "name": "20291",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/20291"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-3304",
    "datePublished": "2005-10-25T04:00:00",
    "dateReserved": "2005-10-26T00:00:00",
    "dateUpdated": "2024-08-07T23:10:08.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:7.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F9A4F5F-31CB-4097-85E9-B08B2530E9EE\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the Web_Links module.\"}]",
      "id": "CVE-2005-3304",
      "lastModified": "2024-11-21T00:01:34.643",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
      "published": "2005-10-26T01:02:00.000",
      "references": "[{\"url\": \"http://marc.info/?l=bugtraq\u0026m=113017049702436\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://rgod.altervista.org/phpnuke78sql.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/17315/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/20291\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.osvdb.org/20292\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.osvdb.org/20293\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/15178\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2005/2191\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/22851\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=113017049702436\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rgod.altervista.org/phpnuke78sql.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/17315/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/20291\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/20292\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/20293\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/15178\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2005/2191\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/22851\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2005-3304\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2005-10-26T01:02:00.000\",\"lastModified\":\"2024-11-21T00:01:34.643\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the Web_Links module.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:7.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F9A4F5F-31CB-4097-85E9-B08B2530E9EE\"}]}]}],\"references\":[{\"url\":\"http://marc.info/?l=bugtraq\u0026m=113017049702436\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rgod.altervista.org/phpnuke78sql.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/17315/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/20291\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/20292\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/20293\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/15178\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2005/2191\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/22851\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=113017049702436\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rgod.altervista.org/phpnuke78sql.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/17315/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/20291\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/20292\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/20293\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/15178\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2005/2191\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/22851\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the Web_Links module. PHPNuke is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. PHP-Nuke is a popular website creation and management tool, it can use many database software as backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. Remote attackers can insert malicious SQL statement strings into the input data to operate the database without authorization.

TITLE: PHP-Nuke SQL Injection Vulnerabilities

SECUNIA ADVISORY ID: SA17315

VERIFY ADVISORY: http://secunia.com/advisories/17315/

CRITICAL: Moderately critical

IMPACT: Manipulation of data

WHERE:

From remote

SOFTWARE: PHP-Nuke 7.x http://secunia.com/product/2385/

DESCRIPTION: rgod has discovered some vulnerabilities in PHP-Nuke, which can be exploited by malicious people to conduct SQL injection attacks. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerabilities have been confirmed in version 7.8. Other versions may also be affected.

SOLUTION: Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY: rgod

ORIGINAL ADVISORY: http://rgod.altervista.org/phpnuke78sql.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200510-0068",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "francisco burzi",
        "version": "7.8"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.8"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "15178"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3304"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-194"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3304"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "rgod is credited with the discovery of these vulnerabilities.",
    "sources": [
      {
        "db": "BID",
        "id": "15178"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2005-3304",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": true,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-14513",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2005-3304",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2005-3304",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200510-194",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-14513",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2005-3304",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14513"
      },
      {
        "db": "VULMON",
        "id": "CVE-2005-3304"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3304"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-194"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the Web_Links module. PHPNuke is prone to multiple SQL injection vulnerabilities.  These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. \nSuccessful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. PHP-Nuke is a popular website creation and management tool, it can use many database software as backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. Remote attackers can insert malicious SQL statement strings into the input data to operate the database without authorization. \n\nTITLE:\nPHP-Nuke SQL Injection Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA17315\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/17315/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nManipulation of data\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nPHP-Nuke 7.x\nhttp://secunia.com/product/2385/\n\nDESCRIPTION:\nrgod has discovered some vulnerabilities in PHP-Nuke, which can be\nexploited by malicious people to conduct SQL injection attacks. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\nThe vulnerabilities have been confirmed in version 7.8. Other\nversions may also be affected. \n\nSOLUTION:\nEdit the source code to ensure that input is properly sanitised. \n\nPROVIDED AND/OR DISCOVERED BY:\nrgod\n\nORIGINAL ADVISORY:\nhttp://rgod.altervista.org/phpnuke78sql.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3304"
      },
      {
        "db": "BID",
        "id": "15178"
      },
      {
        "db": "VULHUB",
        "id": "VHN-14513"
      },
      {
        "db": "VULMON",
        "id": "CVE-2005-3304"
      },
      {
        "db": "PACKETSTORM",
        "id": "40880"
      }
    ],
    "trust": 1.44
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-14513",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=32747",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14513"
      },
      {
        "db": "VULMON",
        "id": "CVE-2005-3304"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "15178",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "17315",
        "trust": 1.9
      },
      {
        "db": "VUPEN",
        "id": "ADV-2005-2191",
        "trust": 1.8
      },
      {
        "db": "OSVDB",
        "id": "20293",
        "trust": 1.8
      },
      {
        "db": "OSVDB",
        "id": "20291",
        "trust": 1.8
      },
      {
        "db": "OSVDB",
        "id": "20292",
        "trust": 1.8
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3304",
        "trust": 1.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-194",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "22851",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20051023 PHPNUKE 7.8 WITH ALL SECURITY FIXES/PATCHES \"YOUR_ACCOUNT\",",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "32747",
        "trust": 0.2
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-86021",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-14513",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2005-3304",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "40880",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14513"
      },
      {
        "db": "VULMON",
        "id": "CVE-2005-3304"
      },
      {
        "db": "BID",
        "id": "15178"
      },
      {
        "db": "PACKETSTORM",
        "id": "40880"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3304"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-194"
      }
    ]
  },
  "id": "VAR-200510-0068",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14513"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:45:24.713000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3304"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://rgod.altervista.org/phpnuke78sql.html"
      },
      {
        "trust": 1.9,
        "url": "http://secunia.com/advisories/17315/"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/15178"
      },
      {
        "trust": 1.8,
        "url": "http://www.osvdb.org/20291"
      },
      {
        "trust": 1.8,
        "url": "http://www.osvdb.org/20292"
      },
      {
        "trust": 1.8,
        "url": "http://www.osvdb.org/20293"
      },
      {
        "trust": 1.2,
        "url": "http://www.vupen.com/english/advisories/2005/2191"
      },
      {
        "trust": 1.2,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22851"
      },
      {
        "trust": 1.2,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=113017049702436\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=113017049702436\u0026w=2"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/22851"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2005/2191"
      },
      {
        "trust": 0.3,
        "url": "http://www.ncc.org.ve/php-nuke.php3?op=english"
      },
      {
        "trust": 0.3,
        "url": "http://www.irannuke.com/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/414329"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=113017049702436\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/exploits/32747/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/2385/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14513"
      },
      {
        "db": "VULMON",
        "id": "CVE-2005-3304"
      },
      {
        "db": "BID",
        "id": "15178"
      },
      {
        "db": "PACKETSTORM",
        "id": "40880"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3304"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-194"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-14513"
      },
      {
        "db": "VULMON",
        "id": "CVE-2005-3304"
      },
      {
        "db": "BID",
        "id": "15178"
      },
      {
        "db": "PACKETSTORM",
        "id": "40880"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3304"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-194"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-10-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-14513"
      },
      {
        "date": "2005-10-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2005-3304"
      },
      {
        "date": "2005-10-24T00:00:00",
        "db": "BID",
        "id": "15178"
      },
      {
        "date": "2005-10-25T18:06:56",
        "db": "PACKETSTORM",
        "id": "40880"
      },
      {
        "date": "2005-10-26T01:02:00",
        "db": "NVD",
        "id": "CVE-2005-3304"
      },
      {
        "date": "2005-10-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200510-194"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-14513"
      },
      {
        "date": "2017-07-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2005-3304"
      },
      {
        "date": "2005-10-24T00:00:00",
        "db": "BID",
        "id": "15178"
      },
      {
        "date": "2017-07-11T01:33:09.080000",
        "db": "NVD",
        "id": "CVE-2005-3304"
      },
      {
        "date": "2005-10-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200510-194"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-194"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP-Nuke Multiple modules remote SQL Injection vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-194"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "sql injection",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "40880"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200510-194"
      }
    ],
    "trust": 0.7
  }
}

fkie_cve-2005-3304

Vulnerability from fkie_nvd

Published

2005-10-26 01:02

Modified

2024-11-21 00:01

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://marc.info/?l=bugtraq&m=113017049702436&w=2
cve@mitre.org	http://rgod.altervista.org/phpnuke78sql.html	Exploit, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/17315/	Vendor Advisory
cve@mitre.org	http://www.osvdb.org/20291
cve@mitre.org	http://www.osvdb.org/20292
cve@mitre.org	http://www.osvdb.org/20293
cve@mitre.org	http://www.securityfocus.com/bid/15178
cve@mitre.org	http://www.vupen.com/english/advisories/2005/2191
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/22851
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=113017049702436&w=2
af854a3a-2127-422b-91ae-364da2661108	http://rgod.altervista.org/phpnuke78sql.html	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/17315/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/20291
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/20292
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/20293
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/15178
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2005/2191
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/22851

Impacted products

	Vendor	Product	Version
	francisco_burzi	php-nuke	7.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F9A4F5F-31CB-4097-85E9-B08B2530E9EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the Web_Links module."
    }
  ],
  "id": "CVE-2005-3304",
  "lastModified": "2024-11-21T00:01:34.643",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-10-26T01:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=113017049702436\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://rgod.altervista.org/phpnuke78sql.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17315/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/20291"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/20292"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/20293"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/15178"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2005/2191"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22851"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=113017049702436\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://rgod.altervista.org/phpnuke78sql.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17315/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/20291"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/20292"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/20293"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/15178"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2005/2191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22851"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2005-3304

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2005-3304

Aliases

CVE-2005-3304

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2005-3304",
    "description": "Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the Web_Links module.",
    "id": "GSD-2005-3304"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2005-3304"
      ],
      "details": "Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the Web_Links module.",
      "id": "GSD-2005-3304",
      "modified": "2023-12-13T01:20:12.725220Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2005-3304",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the Web_Links module."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://rgod.altervista.org/phpnuke78sql.html",
            "refsource": "MISC",
            "url": "http://rgod.altervista.org/phpnuke78sql.html"
          },
          {
            "name": "phpnuke-multiple-modules-sql-injection(22851)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22851"
          },
          {
            "name": "15178",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/15178"
          },
          {
            "name": "20051023 PhpNuke 7.8 with all security fixes/patches \"Your_Account\",",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=113017049702436\u0026w=2"
          },
          {
            "name": "20293",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/20293"
          },
          {
            "name": "17315",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/17315/"
          },
          {
            "name": "20292",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/20292"
          },
          {
            "name": "ADV-2005-2191",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2005/2191"
          },
          {
            "name": "20291",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/20291"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3304"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the Web_Links module."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://rgod.altervista.org/phpnuke78sql.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Vendor Advisory"
              ],
              "url": "http://rgod.altervista.org/phpnuke78sql.html"
            },
            {
              "name": "17315",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/17315/"
            },
            {
              "name": "15178",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/15178"
            },
            {
              "name": "20291",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/20291"
            },
            {
              "name": "20292",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/20292"
            },
            {
              "name": "20293",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/20293"
            },
            {
              "name": "ADV-2005-2191",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2005/2191"
            },
            {
              "name": "20051023 PhpNuke 7.8 with all security fixes/patches \"Your_Account\",",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=113017049702436\u0026w=2"
            },
            {
              "name": "phpnuke-multiple-modules-sql-injection(22851)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22851"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-11T01:33Z",
      "publishedDate": "2005-10-26T01:02Z"
    }
  }
}

ghsa-p4qx-pmxg-37rx

Vulnerability from github

Published

2022-05-01 02:16

Modified

2022-05-01 02:16

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2005-3304"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-10-26T01:02:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the Web_Links module.",
  "id": "GHSA-p4qx-pmxg-37rx",
  "modified": "2022-05-01T02:16:35Z",
  "published": "2022-05-01T02:16:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3304"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22851"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=113017049702436\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://rgod.altervista.org/phpnuke78sql.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/17315"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/20291"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/20292"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/20293"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/15178"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2005/2191"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2005-3304

Vulnerability from cvelistv5

var-200510-0068

Vulnerability from variot

fkie_cve-2005-3304

Vulnerability from fkie_nvd

gsd-2005-3304

Vulnerability from gsd

ghsa-p4qx-pmxg-37rx

Vulnerability from github

Tags

Sightings

Nomenclature