cvelistv5 - cve-2008-0461

CVE-2008-0461 (GCVE-0-2008-0461)

Vulnerability from cvelistv5 – Published: 2008-01-25 15:00 – Updated: 2024-08-07 07:46

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/28624	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	https://www.exploit-db.com/exploits/4965	exploitx_refsource_EXPLOIT-DB
	http://www.securityfocus.com/bid/27408	vdb-entryx_refsource_BID
	http://www.vupen.com/english/advisories/2008/0264	vdb-entryx_refsource_VUPEN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:46:54.703Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "28624",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28624"
          },
          {
            "name": "phpnuke-index-search-sql-injection(39850)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39850"
          },
          {
            "name": "4965",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/4965"
          },
          {
            "name": "27408",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27408"
          },
          {
            "name": "ADV-2008-0264",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0264"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "28624",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28624"
        },
        {
          "name": "phpnuke-index-search-sql-injection(39850)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39850"
        },
        {
          "name": "4965",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/4965"
        },
        {
          "name": "27408",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27408"
        },
        {
          "name": "ADV-2008-0264",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0264"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0461",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php.  NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "28624",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28624"
            },
            {
              "name": "phpnuke-index-search-sql-injection(39850)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39850"
            },
            {
              "name": "4965",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/4965"
            },
            {
              "name": "27408",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27408"
            },
            {
              "name": "ADV-2008-0264",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0264"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0461",
    "datePublished": "2008-01-25T15:00:00",
    "dateReserved": "2008-01-25T00:00:00",
    "dateUpdated": "2024-08-07T07:46:54.703Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"8.0_final\", \"matchCriteriaId\": \"268BAB8C-D5FF-48AB-8599-EA00C07AFAEE\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php.  NOTE: some of these details are obtained from third party information.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de inyecci\\u00f3n SQL en el fichero index.php del m\\u00f3dulo Search de PHP-Nuke 8.0 FINAL y versiones anteriores. Cuando magic_quotes_gpc est\\u00e1 deshabilitado, permite que atacantes remotos ejecuten comandos SQL de su elecci\\u00f3n usando el par\\u00e1metro sid en una acci\\u00f3n comments en modules.php. NOTA: algunos de estos detalles han sido obtenidos de terceros.\"}]",
      "id": "CVE-2008-0461",
      "lastModified": "2024-11-21T00:42:09.473",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
      "published": "2008-01-25T16:00:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/28624\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/27408\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0264\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/39850\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.exploit-db.com/exploits/4965\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/28624\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/27408\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0264\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/39850\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/4965\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-0461\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-01-25T16:00:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php.  NOTE: some of these details are obtained from third party information.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de inyecci\u00f3n SQL en el fichero index.php del m\u00f3dulo Search de PHP-Nuke 8.0 FINAL y versiones anteriores. Cuando magic_quotes_gpc est\u00e1 deshabilitado, permite que atacantes remotos ejecuten comandos SQL de su elecci\u00f3n usando el par\u00e1metro sid en una acci\u00f3n comments en modules.php. NOTA: algunos de estos detalles han sido obtenidos de terceros.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.0_final\",\"matchCriteriaId\":\"268BAB8C-D5FF-48AB-8599-EA00C07AFAEE\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/28624\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/27408\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/0264\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/39850\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.exploit-db.com/exploits/4965\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/28624\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/27408\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/0264\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/39850\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/4965\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2008-0461

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2008-0461

Aliases

CVE-2008-0461

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-0461",
    "description": "SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php.  NOTE: some of these details are obtained from third party information.",
    "id": "GSD-2008-0461"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-0461"
      ],
      "details": "SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php.  NOTE: some of these details are obtained from third party information.",
      "id": "GSD-2008-0461",
      "modified": "2023-12-13T01:22:58.499049Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-0461",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php.  NOTE: some of these details are obtained from third party information."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "28624",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28624"
          },
          {
            "name": "phpnuke-index-search-sql-injection(39850)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39850"
          },
          {
            "name": "4965",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/4965"
          },
          {
            "name": "27408",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/27408"
          },
          {
            "name": "ADV-2008-0264",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0264"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0_final",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0461"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php.  NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "27408",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/27408"
            },
            {
              "name": "28624",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28624"
            },
            {
              "name": "ADV-2008-0264",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0264"
            },
            {
              "name": "phpnuke-index-search-sql-injection(39850)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39850"
            },
            {
              "name": "4965",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/4965"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-09-29T01:30Z",
      "publishedDate": "2008-01-25T16:00Z"
    }
  }
}

VAR-200801-0029

Vulnerability from variot - Updated: 2023-12-18 13:15

SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. NOTE: some of these details are obtained from third party information. PHP-Nuke is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. Successful exploits could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.

Download and test it today: https://psi.secunia.com/

Read more about this new version: https://psi.secunia.com/?page=changelog

TITLE: PHP-Nuke "modules/Search/index.php" SQL Injection

SECUNIA ADVISORY ID: SA28624

VERIFY ADVISORY: http://secunia.com/advisories/28624/

CRITICAL: Moderately critical

IMPACT: Manipulation of data, Exposure of sensitive information

WHERE:

From remote

SOFTWARE: PHP-Nuke 8.x http://secunia.com/product/13524/

DESCRIPTION: Foster & 1dt.w0lf have discovered a vulnerability in PHP-Nuke, which can be exploited by malicious people to conduct SQL injection attacks. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieving the administrator password hash, but requires that "magic_quotes_gpc" is disabled - not the value recommended by the installer - and having knowledge of the database table prefix.

The vulnerability is confirmed in version 8.0. Other versions may also be affected.

SOLUTION: Edit the source code to ensure that input is properly sanitised.

Set "magic_quotes_gpc" in php.ini to On.

Use another product.

PROVIDED AND/OR DISCOVERED BY: Foster & 1dt.w0lf

ORIGINAL ADVISORY: http://milw0rm.com/exploits/4965

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200801-0029",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php-nuke",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "francisco burzi",
        "version": "8.0_final"
      },
      {
        "model": "php-nuke",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "francisco burzi",
        "version": "8.0 final"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "francisco burzi",
        "version": "8.0_final"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.9"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.8"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.7"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.6"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.3"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.2"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.1"
      },
      {
        "model": "burzi php-nuke final",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.0"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.0"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.9"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.7"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.6"
      },
      {
        "model": "burzi php-nuke rc3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke final",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.51"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.0"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "5.6"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "5.5"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "5.4"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "5.3.1"
      },
      {
        "model": "burzi php-nuke a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "5.2"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "5.2"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "5.1"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "5.0.1"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "5.0"
      },
      {
        "model": "burzi php-nuke a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "4.4.1"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "4.4"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "4.3"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "4.0"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "3.0"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "2.5"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "1.0"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "0.726-3"
      },
      {
        "model": "burzi php-nuke -rc3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "0.75"
      },
      {
        "model": "burzi php-nuke final",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "8.0"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "8.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "27408"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002659"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0461"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-399"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0_final",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-0461"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Foster \u0026 1dt.w0lf",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-399"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2008-0461",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": true,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2008-0461",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-30586",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2008-0461",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200801-399",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-30586",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30586"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002659"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0461"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-399"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php.  NOTE: some of these details are obtained from third party information. PHP-Nuke is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. \nSuccessful exploits could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. \n\n----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nPHP-Nuke \"modules/Search/index.php\" SQL Injection\n\nSECUNIA ADVISORY ID:\nSA28624\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/28624/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nManipulation of data, Exposure of sensitive information\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nPHP-Nuke 8.x\nhttp://secunia.com/product/13524/\n\nDESCRIPTION:\nFoster \u0026 1dt.w0lf have discovered a vulnerability in PHP-Nuke, which\ncan be exploited by malicious people to conduct SQL injection\nattacks. This can be\nexploited to manipulate SQL queries by injecting arbitrary SQL code. \n\nSuccessful exploitation allows e.g. retrieving the administrator\npassword hash, but requires that \"magic_quotes_gpc\" is disabled - not\nthe value recommended by the installer - and having knowledge of the\ndatabase table prefix. \n\nThe vulnerability is confirmed in version 8.0. Other versions may\nalso be affected. \n\nSOLUTION:\nEdit the source code to ensure that input is properly sanitised. \n\nSet \"magic_quotes_gpc\" in php.ini to On. \n\nUse another product. \n\nPROVIDED AND/OR DISCOVERED BY:\nFoster \u0026 1dt.w0lf\n\nORIGINAL ADVISORY:\nhttp://milw0rm.com/exploits/4965\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-0461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002659"
      },
      {
        "db": "BID",
        "id": "27408"
      },
      {
        "db": "VULHUB",
        "id": "VHN-30586"
      },
      {
        "db": "PACKETSTORM",
        "id": "62907"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-30586",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30586"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-0461",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "27408",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "28624",
        "trust": 1.9
      },
      {
        "db": "EXPLOIT-DB",
        "id": "4965",
        "trust": 1.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0264",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002659",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-399",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "39850",
        "trust": 0.6
      },
      {
        "db": "MILW0RM",
        "id": "4965",
        "trust": 0.6
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-65150",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-30586",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "62907",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30586"
      },
      {
        "db": "BID",
        "id": "27408"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002659"
      },
      {
        "db": "PACKETSTORM",
        "id": "62907"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0461"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-399"
      }
    ]
  },
  "id": "VAR-200801-0029",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30586"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:15:38.875000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://phpnuke.org/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002659"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30586"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002659"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0461"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/27408"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/28624"
      },
      {
        "trust": 1.1,
        "url": "https://www.exploit-db.com/exploits/4965"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2008/0264"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39850"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0461"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-0461"
      },
      {
        "trust": 0.6,
        "url": "http://www.milw0rm.com/exploits/4965"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2008/0264"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/39850"
      },
      {
        "trust": 0.3,
        "url": "http://phpnuke.org   "
      },
      {
        "trust": 0.1,
        "url": "http://milw0rm.com/exploits/4965"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/?page=changelog"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13524/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/28624/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30586"
      },
      {
        "db": "BID",
        "id": "27408"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002659"
      },
      {
        "db": "PACKETSTORM",
        "id": "62907"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0461"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-399"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-30586"
      },
      {
        "db": "BID",
        "id": "27408"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002659"
      },
      {
        "db": "PACKETSTORM",
        "id": "62907"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0461"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-399"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-01-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-30586"
      },
      {
        "date": "2008-01-22T00:00:00",
        "db": "BID",
        "id": "27408"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-002659"
      },
      {
        "date": "2008-01-24T03:55:21",
        "db": "PACKETSTORM",
        "id": "62907"
      },
      {
        "date": "2008-01-25T16:00:00",
        "db": "NVD",
        "id": "CVE-2008-0461"
      },
      {
        "date": "2008-01-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200801-399"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-30586"
      },
      {
        "date": "2015-05-07T17:33:00",
        "db": "BID",
        "id": "27408"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-002659"
      },
      {
        "date": "2017-09-29T01:30:17.660000",
        "db": "NVD",
        "id": "CVE-2008-0461"
      },
      {
        "date": "2008-09-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200801-399"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-399"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP-Nuke of  Search Module  index.php In  SQL Injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002659"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "sql injection",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "62907"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-399"
      }
    ],
    "trust": 0.7
  }
}

FKIE_CVE-2008-0461

Vulnerability from fkie_nvd - Published: 2008-01-25 16:00 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/28624	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/27408	Exploit
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0264
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/39850
cve@mitre.org	https://www.exploit-db.com/exploits/4965
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28624	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/27408	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0264
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/39850
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/4965

Impacted products

	Vendor	Product	Version
	francisco_burzi	php-nuke	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "268BAB8C-D5FF-48AB-8599-EA00C07AFAEE",
              "versionEndIncluding": "8.0_final",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php.  NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en el fichero index.php del m\u00f3dulo Search de PHP-Nuke 8.0 FINAL y versiones anteriores. Cuando magic_quotes_gpc est\u00e1 deshabilitado, permite que atacantes remotos ejecuten comandos SQL de su elecci\u00f3n usando el par\u00e1metro sid en una acci\u00f3n comments en modules.php. NOTA: algunos de estos detalles han sido obtenidos de terceros."
    }
  ],
  "id": "CVE-2008-0461",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-01-25T16:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28624"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/27408"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0264"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39850"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/4965"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/27408"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39850"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/4965"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-58JG-8R7F-PHV2

Vulnerability from github – Published: 2022-05-01 23:30 – Updated: 2022-05-01 23:30

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-0461"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-01-25T16:00:00Z",
    "severity": "MODERATE"
  },
  "details": "SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php.  NOTE: some of these details are obtained from third party information.",
  "id": "GHSA-58jg-8r7f-phv2",
  "modified": "2022-05-01T23:30:34Z",
  "published": "2022-05-01T23:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0461"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39850"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/4965"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28624"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/27408"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0264"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-0461 (GCVE-0-2008-0461)

GSD-2008-0461

VAR-200801-0029

FKIE_CVE-2008-0461

GHSA-58JG-8R7F-PHV2

Tags

Sightings

Nomenclature