VAR-200601-0258
Vulnerability from variot - Updated: 2023-12-18 13:10SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by the search field. NOTE: This is a different vulnerability than CVE-2005-3792. PHPNuke EV is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. PHPNuke EV version 7.7 is vulnerable; earlier versions may also be affected.
For more information: SA17543
The vulnerability has been confirmed in version 7.7-R1.
SOLUTION: Edit the source code to ensure that input is properly sanitised.
PROVIDED AND/OR DISCOVERED BY: Originally reported in PHP-Nuke by sp3x.
Reported in PHPNuke EV by Lostmon.
ORIGINAL ADVISORY: http://lostmon.blogspot.com/2006/01/phpnuke-ev-77-search-module-query.html
OTHER REFERENCES: SA17543: http://secunia.com/advisories/17543/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200601-0258",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "php-nuke ev",
"scope": "eq",
"trust": 1.6,
"vendor": "francisco burzi",
"version": "7.7_r1"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "php nuke",
"version": "7.7"
},
{
"model": "studios stronghold",
"scope": "eq",
"trust": 0.3,
"vendor": "firefly",
"version": "27.7"
}
],
"sources": [
{
"db": "BID",
"id": "16186"
},
{
"db": "NVD",
"id": "CVE-2006-0163"
},
{
"db": "CNNVD",
"id": "CNNVD-200601-108"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke_ev:7.7_r1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-0163"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lostmon is credited with the discovery of this vulnerability.",
"sources": [
{
"db": "BID",
"id": "16186"
},
{
"db": "CNNVD",
"id": "CNNVD-200601-108"
}
],
"trust": 0.9
},
"cve": "CVE-2006-0163",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-16271",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-0163",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200601-108",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-16271",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-16271"
},
{
"db": "NVD",
"id": "CVE-2006-0163"
},
{
"db": "CNNVD",
"id": "CNNVD-200601-108"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by the search field. NOTE: This is a different vulnerability than CVE-2005-3792. PHPNuke EV is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. \nA successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. \nPHPNuke EV version 7.7 is vulnerable; earlier versions may also be affected. \n\nFor more information:\nSA17543\n\nThe vulnerability has been confirmed in version 7.7-R1. \n\nSOLUTION:\nEdit the source code to ensure that input is properly sanitised. \n\nPROVIDED AND/OR DISCOVERED BY:\nOriginally reported in PHP-Nuke by sp3x. \n\nReported in PHPNuke EV by Lostmon. \n\nORIGINAL ADVISORY:\nhttp://lostmon.blogspot.com/2006/01/phpnuke-ev-77-search-module-query.html\n\nOTHER REFERENCES:\nSA17543:\nhttp://secunia.com/advisories/17543/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-0163"
},
{
"db": "BID",
"id": "16186"
},
{
"db": "VULHUB",
"id": "VHN-16271"
},
{
"db": "PACKETSTORM",
"id": "42959"
}
],
"trust": 1.35
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-16271",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-16271"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "16186",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2006-0163",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "18394",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "22316",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-0120",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200601-108",
"trust": 0.7
},
{
"db": "XF",
"id": "44978",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "27058",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-80678",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-16271",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "42959",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-16271"
},
{
"db": "BID",
"id": "16186"
},
{
"db": "PACKETSTORM",
"id": "42959"
},
{
"db": "NVD",
"id": "CVE-2006-0163"
},
{
"db": "CNNVD",
"id": "CNNVD-200601-108"
}
]
},
"id": "VAR-200601-0258",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-16271"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:10:40.166000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-0163"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://lostmon.blogspot.com/2006/01/phpnuke-ev-77-search-module-query.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/16186"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/22316"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/18394"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/0120"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44978"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/44978"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/0120"
},
{
"trust": 0.3,
"url": "http://nukevolution.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/18394/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/6767/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/17543/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-16271"
},
{
"db": "BID",
"id": "16186"
},
{
"db": "PACKETSTORM",
"id": "42959"
},
{
"db": "NVD",
"id": "CVE-2006-0163"
},
{
"db": "CNNVD",
"id": "CNNVD-200601-108"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-16271"
},
{
"db": "BID",
"id": "16186"
},
{
"db": "PACKETSTORM",
"id": "42959"
},
{
"db": "NVD",
"id": "CVE-2006-0163"
},
{
"db": "CNNVD",
"id": "CNNVD-200601-108"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-01-11T00:00:00",
"db": "VULHUB",
"id": "VHN-16271"
},
{
"date": "2006-01-09T00:00:00",
"db": "BID",
"id": "16186"
},
{
"date": "2006-01-11T05:48:09",
"db": "PACKETSTORM",
"id": "42959"
},
{
"date": "2006-01-11T21:03:00",
"db": "NVD",
"id": "CVE-2006-0163"
},
{
"date": "2006-01-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200601-108"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-20T00:00:00",
"db": "VULHUB",
"id": "VHN-16271"
},
{
"date": "2007-02-14T23:47:00",
"db": "BID",
"id": "16186"
},
{
"date": "2017-07-20T01:29:30.737000",
"db": "NVD",
"id": "CVE-2006-0163"
},
{
"date": "2006-09-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200601-108"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200601-108"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PHPNuke EV Search Module SQL Injection Vulnerability",
"sources": [
{
"db": "BID",
"id": "16186"
},
{
"db": "CNNVD",
"id": "CNNVD-200601-108"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "sql injection",
"sources": [
{
"db": "PACKETSTORM",
"id": "42959"
},
{
"db": "CNNVD",
"id": "CNNVD-200601-108"
}
],
"trust": 0.7
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…