VAR-200306-0007
Vulnerability from variot - Updated: 2023-12-18 12:24Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php. PHP-Nuke is reportedly prone to multiple SQL injection vulnerabilities in the Downloads module. Exploitation could allow for injection of malicious SQL syntax, resulting in modification of SQL query logic or other attacks. It has been reported that multiple input validation bugs exist in the Web_Links module used by PHPNuke. Because of this, a remote user may be able to access the database and potentially gain access to sensitive information. Successful exploitation could result in compromise of the web forums or more severe consequences. PHP-Nuke is a popular website creation and management tool, it can use many database software as backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. If the SQL agent allows users to use the UNION syntax, it is possible to expand any information inside the database through the Web_Links module, including passwords and personal data, but if the UNION syntax cannot be used, the attacker cannot access other SQL tables managed through WEB LINK, so Only some click-through rate and voting information can be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200306-0007",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.6,
"vendor": "francisco burzi",
"version": "5.0"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.6,
"vendor": "francisco burzi",
"version": "6.0"
},
{
"model": "burzi php-nuke rc3",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke rc2",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke rc1",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke final",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke beta",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco",
"version": "6.51"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.9"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.7"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.6"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.0"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.6"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.5"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.4"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.3.1"
},
{
"model": "burzi php-nuke a",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.2"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.2"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.1"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.0.1"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.0"
}
],
"sources": [
{
"db": "BID",
"id": "7588"
},
{
"db": "BID",
"id": "7558"
},
{
"db": "NVD",
"id": "CVE-2003-0279"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-065"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0279"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Albert Puigsech Galicia\u203b ripe@7a69ezine.org",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200306-065"
}
],
"trust": 0.6
},
"cve": "CVE-2003-0279",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-7108",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2003-0279",
"trust": 1.0,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-200306-065",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-7108",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-7108"
},
{
"db": "NVD",
"id": "CVE-2003-0279"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-065"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php. PHP-Nuke is reportedly prone to multiple SQL injection vulnerabilities in the Downloads module. Exploitation could allow for injection of malicious SQL syntax, resulting in modification of SQL query logic or other attacks. It has been reported that multiple input validation bugs exist in the Web_Links module used by PHPNuke. Because of this, a remote user may be able to access the database and potentially gain access to sensitive information. Successful exploitation could result in compromise of the web forums or more severe consequences. PHP-Nuke is a popular website creation and management tool, it can use many database software as backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. If the SQL agent allows users to use the UNION syntax, it is possible to expand any information inside the database through the Web_Links module, including passwords and personal data, but if the UNION syntax cannot be used, the attacker cannot access other SQL tables managed through WEB LINK, so Only some click-through rate and voting information can be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0279"
},
{
"db": "BID",
"id": "7588"
},
{
"db": "BID",
"id": "7558"
},
{
"db": "VULHUB",
"id": "VHN-7108"
}
],
"trust": 1.53
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "7588",
"trust": 2.0
},
{
"db": "BID",
"id": "7558",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2003-0279",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200306-065",
"trust": 0.7
},
{
"db": "XF",
"id": "11984",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20030512 LOT OF SQL INJECTION ON PHP-NUKE 6.5 (SECURE WEBLOG!)",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20030513 MORE AND MORE SQL INJECTION ON PHP-NUKE 6.5.",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-7108",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-7108"
},
{
"db": "BID",
"id": "7588"
},
{
"db": "BID",
"id": "7558"
},
{
"db": "NVD",
"id": "CVE-2003-0279"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-065"
}
]
},
"id": "VAR-200306-0007",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-7108"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:24:39.133000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0279"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/7558"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/7588"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.html"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11984"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=105276019312980\u0026w=2"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/11984"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=105276019312980\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.irannuke.com/"
},
{
"trust": 0.3,
"url": "/archive/1/321358"
},
{
"trust": 0.3,
"url": "/archive/1/321181"
},
{
"trust": 0.3,
"url": "/archive/1/353291"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=105276019312980\u0026amp;w=2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-7108"
},
{
"db": "BID",
"id": "7588"
},
{
"db": "BID",
"id": "7558"
},
{
"db": "NVD",
"id": "CVE-2003-0279"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-065"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-7108"
},
{
"db": "BID",
"id": "7588"
},
{
"db": "BID",
"id": "7558"
},
{
"db": "NVD",
"id": "CVE-2003-0279"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-065"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-06-16T00:00:00",
"db": "VULHUB",
"id": "VHN-7108"
},
{
"date": "2003-05-13T00:00:00",
"db": "BID",
"id": "7588"
},
{
"date": "2003-05-12T00:00:00",
"db": "BID",
"id": "7558"
},
{
"date": "2003-06-16T04:00:00",
"db": "NVD",
"id": "CVE-2003-0279"
},
{
"date": "2003-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200306-065"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-7108"
},
{
"date": "2003-05-13T00:00:00",
"db": "BID",
"id": "7588"
},
{
"date": "2003-05-12T00:00:00",
"db": "BID",
"id": "7558"
},
{
"date": "2017-07-11T01:29:30.477000",
"db": "NVD",
"id": "CVE-2003-0279"
},
{
"date": "2006-09-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200306-065"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "7588"
},
{
"db": "BID",
"id": "7558"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PHP-Nuke Web_Links Module remote SQL Injection code vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200306-065"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "7588"
},
{
"db": "BID",
"id": "7558"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…