VAR-200602-0353
Vulnerability from variot - Updated: 2023-12-18 12:59The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying that pair in the random_num and gfx_check parameters. The CAPTCHA implementation of PHPNuke may be bypassed by remote attackers due to a design error. This may be used to carry out other attacks such as brute-force attempts against the login page.
TITLE: PHP-Nuke CAPTCHA Bypass Weakness
SECUNIA ADVISORY ID: SA18936
VERIFY ADVISORY: http://secunia.com/advisories/18936/
CRITICAL: Not critical
IMPACT: Security Bypass
WHERE:
From remote
SOFTWARE: PHP-Nuke 7.x http://secunia.com/product/2385/ PHP-Nuke 6.x http://secunia.com/product/329/
DESCRIPTION: Janek Vind "waraxe" has reported a weakness in PHP-Nuke, which can be exploited by malicious people to bypass certain security restrictions.
A design error in the CAPTCHA security feature, which relies only on the "sitekey", the User-Agent HTTP header, a random number, and the current date to generate the response code can be exploited to bypass the security feature by replaying any random number and response code pair for the current day.
The weakness has been reported in versions 6.0 through 7.9.
SOLUTION: Do not rely on the CAPTCHA feature to prevent automated logons to PHP-Nuke.
PROVIDED AND/OR DISCOVERED BY: Janek Vind "waraxe"
ORIGINAL ADVISORY: http://www.waraxe.us/advisory-45.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200602-0353",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.6,
"vendor": "francisco burzi",
"version": "6.0"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.6,
"vendor": "francisco burzi",
"version": "6.7"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.6,
"vendor": "francisco burzi",
"version": "6.5_beta1"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.6,
"vendor": "francisco burzi",
"version": "6.5_rc3"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.6,
"vendor": "francisco burzi",
"version": "6.5_rc2"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.6,
"vendor": "francisco burzi",
"version": "6.5"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.6,
"vendor": "francisco burzi",
"version": "6.6"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.6,
"vendor": "francisco burzi",
"version": "6.5_final"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.6,
"vendor": "francisco burzi",
"version": "6.5_rc1"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.6,
"vendor": "francisco burzi",
"version": "6.9"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.0,
"vendor": "francisco burzi",
"version": "7.3"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.0,
"vendor": "francisco burzi",
"version": "7.9"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.0,
"vendor": "francisco burzi",
"version": "7.2"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.0,
"vendor": "francisco burzi",
"version": "7.6"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.0,
"vendor": "francisco burzi",
"version": "7.7"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.0,
"vendor": "francisco burzi",
"version": "7.1"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.0,
"vendor": "francisco burzi",
"version": "7.4"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.0,
"vendor": "francisco burzi",
"version": "7.8"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.0,
"vendor": "francisco burzi",
"version": "7.0_final"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.0,
"vendor": "francisco burzi",
"version": "7.0"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.0,
"vendor": "francisco burzi",
"version": "7.5"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "php nuke",
"version": "7.9"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "php nuke",
"version": "7.8"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "php nuke",
"version": "7.7"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "php nuke",
"version": "7.6"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "php nuke",
"version": "7.5"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "php nuke",
"version": "7.4"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "php nuke",
"version": "7.3"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "php nuke",
"version": "7.2"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "php nuke",
"version": "7.1"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "php nuke",
"version": "7.0"
}
],
"sources": [
{
"db": "BID",
"id": "16722"
},
{
"db": "NVD",
"id": "CVE-2006-0805"
},
{
"db": "CNNVD",
"id": "CNNVD-200602-306"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_beta1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_final:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.0_final:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-0805"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Janek Vind \"waraxe\".",
"sources": [
{
"db": "BID",
"id": "16722"
},
{
"db": "CNNVD",
"id": "CNNVD-200602-306"
}
],
"trust": 0.9
},
"cve": "CVE-2006-0805",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-16913",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-0805",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200602-306",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-16913",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-16913"
},
{
"db": "NVD",
"id": "CVE-2006-0805"
},
{
"db": "CNNVD",
"id": "CNNVD-200602-306"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying that pair in the random_num and gfx_check parameters. The CAPTCHA implementation of PHPNuke may be bypassed by remote attackers due to a design error. \nThis may be used to carry out other attacks such as brute-force attempts against the login page. \n\nTITLE:\nPHP-Nuke CAPTCHA Bypass Weakness\n\nSECUNIA ADVISORY ID:\nSA18936\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/18936/\n\nCRITICAL:\nNot critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nPHP-Nuke 7.x\nhttp://secunia.com/product/2385/\nPHP-Nuke 6.x\nhttp://secunia.com/product/329/\n\nDESCRIPTION:\nJanek Vind \"waraxe\" has reported a weakness in PHP-Nuke, which can be\nexploited by malicious people to bypass certain security\nrestrictions. \n\nA design error in the CAPTCHA security feature, which relies only on\nthe \"sitekey\", the User-Agent HTTP header, a random number, and the\ncurrent date to generate the response code can be exploited to bypass\nthe security feature by replaying any random number and response code\npair for the current day. \n\nThe weakness has been reported in versions 6.0 through 7.9. \n\nSOLUTION:\nDo not rely on the CAPTCHA feature to prevent automated logons to\nPHP-Nuke. \n\nPROVIDED AND/OR DISCOVERED BY:\nJanek Vind \"waraxe\"\n\nORIGINAL ADVISORY:\nhttp://www.waraxe.us/advisory-45.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-0805"
},
{
"db": "BID",
"id": "16722"
},
{
"db": "VULHUB",
"id": "VHN-16913"
},
{
"db": "PACKETSTORM",
"id": "43986"
}
],
"trust": 1.35
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-16913",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-16913"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "16722",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "18936",
"trust": 1.8
},
{
"db": "NVD",
"id": "CVE-2006-0805",
"trust": 1.7
},
{
"db": "SREASON",
"id": "455",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200602-306",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20060218 [WARAXE-2006-SA#045] - BYPASSING CAPTCHA IN PHPNUKE 6.X-7.9",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-80866",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "27249",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-16913",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "43986",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-16913"
},
{
"db": "BID",
"id": "16722"
},
{
"db": "PACKETSTORM",
"id": "43986"
},
{
"db": "NVD",
"id": "CVE-2006-0805"
},
{
"db": "CNNVD",
"id": "CNNVD-200602-306"
}
]
},
"id": "VAR-200602-0353",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-16913"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:59:21.130000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-0805"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.waraxe.us/advisory-45.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/16722"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/18936"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/455"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/425394/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/425394/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.phpnuke.org"
},
{
"trust": 0.3,
"url": "/archive/1/425394"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/18936/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/329/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2385/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-16913"
},
{
"db": "BID",
"id": "16722"
},
{
"db": "PACKETSTORM",
"id": "43986"
},
{
"db": "NVD",
"id": "CVE-2006-0805"
},
{
"db": "CNNVD",
"id": "CNNVD-200602-306"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-16913"
},
{
"db": "BID",
"id": "16722"
},
{
"db": "PACKETSTORM",
"id": "43986"
},
{
"db": "NVD",
"id": "CVE-2006-0805"
},
{
"db": "CNNVD",
"id": "CNNVD-200602-306"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-02-21T00:00:00",
"db": "VULHUB",
"id": "VHN-16913"
},
{
"date": "2006-02-18T00:00:00",
"db": "BID",
"id": "16722"
},
{
"date": "2006-02-20T20:08:24",
"db": "PACKETSTORM",
"id": "43986"
},
{
"date": "2006-02-21T02:02:00",
"db": "NVD",
"id": "CVE-2006-0805"
},
{
"date": "2006-02-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200602-306"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-16913"
},
{
"date": "2006-02-21T17:57:00",
"db": "BID",
"id": "16722"
},
{
"date": "2018-10-18T16:29:06.977000",
"db": "NVD",
"id": "CVE-2006-0805"
},
{
"date": "2006-02-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200602-306"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200602-306"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PHPNuke Security bypass vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200602-306"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "16722"
},
{
"db": "CNNVD",
"id": "CNNVD-200602-306"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…