var-200211-0013
Vulnerability from variot
SQL injection vulnerability in PHP-Nuke before 6.0 allows remote authenticated users to modify the database and gain privileges via the "bio" argument to modules.php. A SQL injection vulnerability has been reported for PHP-Nuke 5.6. The vulnerability is due to insufficient sanitization of variables used to construct SQL queries in some scripts. It is possible to modify the logic of SQL queries through malformed query strings in requests for the vulnerable script. By injecting SQL code into variables, it may be possible for an attacker to corrupt database information. PHP-Nuke is a website creation and management tool that can use many database software as the backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. An attacker can bypass the reference by inserting \'\'\'\' in the \"bio\" field, resulting in SQL injection. The following operations can modify the password of any PHP-NUKE user to \"1\"
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200211-0013",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.6,
"vendor": "francisco burzi",
"version": "5.6"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.6"
},
{
"model": "burzi php-nuke",
"scope": "ne",
"trust": 0.3,
"vendor": "francisco",
"version": "6.0"
}
],
"sources": [
{
"db": "BID",
"id": "6088"
},
{
"db": "NVD",
"id": "CVE-2002-1242"
},
{
"db": "CNNVD",
"id": "CNNVD-200211-025"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1242"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "kill9 kill9@hackers.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200211-025"
}
],
"trust": 0.6
},
"cve": "CVE-2002-1242",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-5627",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2002-1242",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200211-025",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-5627",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5627"
},
{
"db": "NVD",
"id": "CVE-2002-1242"
},
{
"db": "CNNVD",
"id": "CNNVD-200211-025"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in PHP-Nuke before 6.0 allows remote authenticated users to modify the database and gain privileges via the \"bio\" argument to modules.php. A SQL injection vulnerability has been reported for PHP-Nuke 5.6. \nThe vulnerability is due to insufficient sanitization of variables used to construct SQL queries in some scripts. It is possible to modify the logic of SQL queries through malformed query strings in requests for the vulnerable script. \nBy injecting SQL code into variables, it may be possible for an attacker to corrupt database information. PHP-Nuke is a website creation and management tool that can use many database software as the backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. An attacker can bypass the reference by inserting \\\u0027\\\u0027\\\\\u0027\\\u0027 in the \\\"bio\\\" field, resulting in SQL injection. The following operations can modify the password of any PHP-NUKE user to \\\"1\\\" ",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1242"
},
{
"db": "BID",
"id": "6088"
},
{
"db": "VULHUB",
"id": "VHN-5627"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-5627",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5627"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "6088",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2002-1242",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "6244",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200211-025",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20021101 IDEFENSE SECURITY ADVISORY 10.31.02C: PHP-NUKE SQL INJECTION VULNERABILITY",
"trust": 0.6
},
{
"db": "XF",
"id": "10516",
"trust": 0.6
},
{
"db": "VULNWATCH",
"id": "20021101 IDEFENSE SECURITY ADVISORY 10.31.02C: PHP-NUKE SQL INJECTION VULNERABILITY",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "21977",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-5627",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5627"
},
{
"db": "BID",
"id": "6088"
},
{
"db": "NVD",
"id": "CVE-2002-1242"
},
{
"db": "CNNVD",
"id": "CNNVD-200211-025"
}
]
},
"id": "VAR-200211-0013",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5627"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:41:03.749000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1242"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/6088"
},
{
"trust": 1.7,
"url": "http://www.idefense.com/advisory/10.31.02c.txt"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/6244"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0051.html"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/10516.php"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=103616324103171\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=103616324103171\u0026w=2"
},
{
"trust": 0.3,
"url": "/archive/1/298193"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5627"
},
{
"db": "BID",
"id": "6088"
},
{
"db": "NVD",
"id": "CVE-2002-1242"
},
{
"db": "CNNVD",
"id": "CNNVD-200211-025"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-5627"
},
{
"db": "BID",
"id": "6088"
},
{
"db": "NVD",
"id": "CVE-2002-1242"
},
{
"db": "CNNVD",
"id": "CNNVD-200211-025"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-11-12T00:00:00",
"db": "VULHUB",
"id": "VHN-5627"
},
{
"date": "2002-11-01T00:00:00",
"db": "BID",
"id": "6088"
},
{
"date": "2002-11-12T05:00:00",
"db": "NVD",
"id": "CVE-2002-1242"
},
{
"date": "2002-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200211-025"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-5627"
},
{
"date": "2009-07-11T18:06:00",
"db": "BID",
"id": "6088"
},
{
"date": "2016-10-18T02:25:09.823000",
"db": "NVD",
"id": "CVE-2002-1242"
},
{
"date": "2012-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200211-025"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200211-025"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PHP-Nuke SQL Insert modify any user information vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200211-025"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200211-025"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.