var-200306-0007
Vulnerability from variot

Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allow remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php. PHP-Nuke is also reportedly prone to multiple SQL injection vulnerabilities in the Downloads module. Exploitation could allow injection of malicious SQL syntax, resulting in modification of SQL query logic or other attacks. Multiple input validation bugs have been reported in the Web_Links module used by PHP-Nuke; because of these, a remote user may be able to access the database and potentially gain access to sensitive information. Successful exploitation could result in compromise of the web forums or more severe consequences. PHP-Nuke is a popular website creation and management tool that can use many database systems as its backend, such as MySQL, PostgreSQL, mSQL, Interbase and Sybase. The impact depends on that backend: if it allows the UNION syntax, any information in the database, including passwords and personal data, can be exposed through the Web_Links module; if UNION cannot be used, the attacker cannot reach SQL tables other than those managed by Web_Links, so only some click-through-rate and voting information can be obtained. Because the injection points are numeric fields, the reports point to missing integer validation of request parameters such as cid before they are placed in a query.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200306-0007",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "francisco burzi",
        "version": "5.0"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "francisco burzi",
        "version": "6.0"
      },
      {
        "model": "burzi php-nuke rc3",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke rc2",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke rc1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke final",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke beta",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "francisco",
        "version": "6.51"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.9"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.7"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.6"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.0"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "5.6"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "5.5"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "5.4"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "5.3.1"
      },
      {
        "model": "burzi php-nuke a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "5.2"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "5.2"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "5.1"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "5.0.1"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "5.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "7588"
      },
      {
        "db": "BID",
        "id": "7558"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0279"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200306-065"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0279"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Albert Puigsech Galicia\u203b ripe@7a69ezine.org",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200306-065"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2003-0279",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "id": "VHN-7108",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2003-0279",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200306-065",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-7108",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-7108"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0279"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200306-065"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php. PHP-Nuke is reportedly prone to multiple SQL injection vulnerabilities in the Downloads module.  Exploitation could allow for injection of malicious SQL syntax, resulting in modification of SQL query logic or other attacks. It has been reported that multiple input validation bugs exist in the Web_Links module used by PHPNuke.  Because of this, a remote user may be able to access the database and potentially gain access to sensitive information.  Successful exploitation could result in compromise of the web forums or more severe consequences. PHP-Nuke is a popular website creation and management tool, it can use many database software as backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. If the SQL agent allows users to use the UNION syntax, it is possible to expand any information inside the database through the Web_Links module, including passwords and personal data, but if the UNION syntax cannot be used, the attacker cannot access other SQL tables managed through WEB LINK, so Only some click-through rate and voting information can be obtained",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0279"
      },
      {
        "db": "BID",
        "id": "7588"
      },
      {
        "db": "BID",
        "id": "7558"
      },
      {
        "db": "VULHUB",
        "id": "VHN-7108"
      }
    ],
    "trust": 1.53
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "7588",
        "trust": 2.0
      },
      {
        "db": "BID",
        "id": "7558",
        "trust": 2.0
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0279",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200306-065",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "11984",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20030512 LOT OF SQL INJECTION ON PHP-NUKE 6.5 (SECURE WEBLOG!)",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20030513 MORE AND MORE SQL INJECTION ON PHP-NUKE 6.5.",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-7108",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-7108"
      },
      {
        "db": "BID",
        "id": "7588"
      },
      {
        "db": "BID",
        "id": "7558"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0279"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200306-065"
      }
    ]
  },
  "id": "VAR-200306-0007",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-7108"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:24:39.133000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0279"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/7558"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/7588"
      },
      {
        "trust": 1.7,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.html"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11984"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=105276019312980\u0026w=2"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/11984"
      },
      {
        "trust": 0.6,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=105276019312980\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.irannuke.com/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/321358"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/321181"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/353291"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=105276019312980\u0026amp;w=2"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-7108"
      },
      {
        "db": "BID",
        "id": "7588"
      },
      {
        "db": "BID",
        "id": "7558"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0279"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200306-065"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-7108"
      },
      {
        "db": "BID",
        "id": "7588"
      },
      {
        "db": "BID",
        "id": "7558"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0279"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200306-065"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2003-06-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-7108"
      },
      {
        "date": "2003-05-13T00:00:00",
        "db": "BID",
        "id": "7588"
      },
      {
        "date": "2003-05-12T00:00:00",
        "db": "BID",
        "id": "7558"
      },
      {
        "date": "2003-06-16T04:00:00",
        "db": "NVD",
        "id": "CVE-2003-0279"
      },
      {
        "date": "2003-05-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200306-065"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-7108"
      },
      {
        "date": "2003-05-13T00:00:00",
        "db": "BID",
        "id": "7588"
      },
      {
        "date": "2003-05-12T00:00:00",
        "db": "BID",
        "id": "7558"
      },
      {
        "date": "2017-07-11T01:29:30.477000",
        "db": "NVD",
        "id": "CVE-2003-0279"
      },
      {
        "date": "2006-09-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200306-065"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "7588"
      },
      {
        "db": "BID",
        "id": "7558"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP-Nuke Web_Links Module remote SQL Injection code vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200306-065"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input Validation Error",
    "sources": [
      {
        "db": "BID",
        "id": "7588"
      },
      {
        "db": "BID",
        "id": "7558"
      }
    ],
    "trust": 0.6
  }
}







Sightings


Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.