var-200412-1226
Vulnerability from variot
Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php. It has been reported that PHP-Nuke is prone to a remote admin command execution vulnerability. This issue is due to a design error that allows an attacker to specify arbitrary URI values in bbCode tags contained within posts. This issue may be leveraged to force an admin user viewing a malicious post to perform some query to the affected application such as adding a user or removing arbitrary data from the database. PHP-Nuke is a popular website creation and management tool, it can use many database software as backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. There is a design error in PHP-Nuke's handling of the bbCode tag in POST, which can be exploited by remote attackers to execute remote management commands. PHP-Nuke uses bbCode tags to support images, HTML, etc., but the processing of any Image tags specified by users is incorrect, which can lead to the execution of arbitrary remote commands, such as attackers can submit malicious POST requests to add or delete users from the database
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200412-1226",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "php-nuke",
"scope": "gte",
"trust": 1.0,
"vendor": "phpnuke",
"version": "6.0"
},
{
"model": "php-nuke",
"scope": "lte",
"trust": 1.0,
"vendor": "phpnuke",
"version": "7.1"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.7"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.9"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "7.0"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.6"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.5_rc2"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.5_rc3"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.5_rc1"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "7.1"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.5_final"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "7.0_final"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "7.1"
},
{
"model": "burzi php-nuke final",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "7.0"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "7.0"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.9"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.7"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.6"
},
{
"model": "burzi php-nuke rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke final",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke beta",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.51"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.0"
}
],
"sources": [
{
"db": "BID",
"id": "9895"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-738"
},
{
"db": "NVD",
"id": "CVE-2004-1842"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1842"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Janek Vind\u203b come2waraxe@yahoo.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-738"
}
],
"trust": 0.6
},
"cve": "CVE-2004-1842",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-10271",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2004-1842",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-1842",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200412-738",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-10271",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2004-1842",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10271"
},
{
"db": "VULMON",
"id": "CVE-2004-1842"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-738"
},
{
"db": "NVD",
"id": "CVE-2004-1842"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php. It has been reported that PHP-Nuke is prone to a remote admin command execution vulnerability. This issue is due to a design error that allows an attacker to specify arbitrary URI values in bbCode tags contained within posts. \nThis issue may be leveraged to force an admin user viewing a malicious post to perform some query to the affected application such as adding a user or removing arbitrary data from the database. PHP-Nuke is a popular website creation and management tool, it can use many database software as backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. There is a design error in PHP-Nuke\u0027s handling of the bbCode tag in POST, which can be exploited by remote attackers to execute remote management commands. PHP-Nuke uses bbCode tags to support images, HTML, etc., but the processing of any Image tags specified by users is incorrect, which can lead to the execution of arbitrary remote commands, such as attackers can submit malicious POST requests to add or delete users from the database",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1842"
},
{
"db": "BID",
"id": "9895"
},
{
"db": "VULHUB",
"id": "VHN-10271"
},
{
"db": "VULMON",
"id": "CVE-2004-1842"
}
],
"trust": 1.35
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-10271",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=23835",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10271"
},
{
"db": "VULMON",
"id": "CVE-2004-1842"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "9895",
"trust": 2.1
},
{
"db": "SECUNIA",
"id": "11195",
"trust": 1.8
},
{
"db": "NVD",
"id": "CVE-2004-1842",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-200412-738",
"trust": 0.7
},
{
"db": "XF",
"id": "15596",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "6194",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20040322 [WARAXE-2004-SA#008 - EASY WAY TO GET SUPERADMIN RIGHTS IN PHPNUKE 6.X-7.1.0]",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "23835",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-77580",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-10271",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2004-1842",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10271"
},
{
"db": "VULMON",
"id": "CVE-2004-1842"
},
{
"db": "BID",
"id": "9895"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-738"
},
{
"db": "NVD",
"id": "CVE-2004-1842"
}
]
},
"id": "VAR-200412-1226",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-10271"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-09T22:39:13.083000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "",
"trust": 0.1,
"url": "https://github.com/faizhaffizudin/case-study-hamsa "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2004-1842"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1842"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/9895"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/11195"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15596"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=108006309112075\u0026w=2"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/15596"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=108006309112075\u0026w=2"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/6194"
},
{
"trust": 0.3,
"url": "http://www.irannuke.com/"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=108006309112075\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/23835/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10271"
},
{
"db": "VULMON",
"id": "CVE-2004-1842"
},
{
"db": "BID",
"id": "9895"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-738"
},
{
"db": "NVD",
"id": "CVE-2004-1842"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-10271"
},
{
"db": "VULMON",
"id": "CVE-2004-1842"
},
{
"db": "BID",
"id": "9895"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-738"
},
{
"db": "NVD",
"id": "CVE-2004-1842"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-10271"
},
{
"date": "2004-12-31T00:00:00",
"db": "VULMON",
"id": "CVE-2004-1842"
},
{
"date": "2004-03-16T00:00:00",
"db": "BID",
"id": "9895"
},
{
"date": "2004-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-738"
},
{
"date": "2004-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2004-1842"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-10271"
},
{
"date": "2017-07-11T00:00:00",
"db": "VULMON",
"id": "CVE-2004-1842"
},
{
"date": "2004-03-16T00:00:00",
"db": "BID",
"id": "9895"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-738"
},
{
"date": "2024-02-08T20:46:14.233000",
"db": "NVD",
"id": "CVE-2004-1842"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-738"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PHP-Nuke Image Tag management command execution vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-738"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-738"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.