VAR-200801-0029
Vulnerability from variot - Updated: 2023-12-18 13:15SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. NOTE: some of these details are obtained from third party information. PHP-Nuke is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. Successful exploits could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.
Download and test it today: https://psi.secunia.com/
Read more about this new version: https://psi.secunia.com/?page=changelog
TITLE: PHP-Nuke "modules/Search/index.php" SQL Injection
SECUNIA ADVISORY ID: SA28624
VERIFY ADVISORY: http://secunia.com/advisories/28624/
CRITICAL: Moderately critical
IMPACT: Manipulation of data, Exposure of sensitive information
WHERE:
From remote
SOFTWARE: PHP-Nuke 8.x http://secunia.com/product/13524/
DESCRIPTION: Foster & 1dt.w0lf have discovered a vulnerability in PHP-Nuke, which can be exploited by malicious people to conduct SQL injection attacks. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation allows e.g. retrieving the administrator password hash, but requires that "magic_quotes_gpc" is disabled - not the value recommended by the installer - and having knowledge of the database table prefix.
The vulnerability is confirmed in version 8.0. Other versions may also be affected.
SOLUTION: Edit the source code to ensure that input is properly sanitised.
Set "magic_quotes_gpc" in php.ini to On.
Use another product.
PROVIDED AND/OR DISCOVERED BY: Foster & 1dt.w0lf
ORIGINAL ADVISORY: http://milw0rm.com/exploits/4965
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200801-0029",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "php-nuke",
"scope": "lte",
"trust": 1.0,
"vendor": "francisco burzi",
"version": "8.0_final"
},
{
"model": "php-nuke",
"scope": "lte",
"trust": 0.8,
"vendor": "francisco burzi",
"version": "8.0 final"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "8.0_final"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "7.9"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "7.8"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "7.7"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "7.6"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "7.3"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "7.2"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "7.1"
},
{
"model": "burzi php-nuke final",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "7.0"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "7.0"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.9"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.7"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.6"
},
{
"model": "burzi php-nuke rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke final",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke beta",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.51"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.0"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.6"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.5"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.4"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.3.1"
},
{
"model": "burzi php-nuke a",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.2"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.2"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.1"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.0.1"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.0"
},
{
"model": "burzi php-nuke a",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "4.4.1"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "4.4"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "4.3"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "4.0"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "3.0"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "2.5"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "1.0"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "0.726-3"
},
{
"model": "burzi php-nuke -rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "0.75"
},
{
"model": "burzi php-nuke final",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "8.0"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "8.0"
}
],
"sources": [
{
"db": "BID",
"id": "27408"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002659"
},
{
"db": "NVD",
"id": "CVE-2008-0461"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-399"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0_final",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2008-0461"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Foster \u0026 1dt.w0lf",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200801-399"
}
],
"trust": 0.6
},
"cve": "CVE-2008-0461",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2008-0461",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-30586",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2008-0461",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200801-399",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-30586",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30586"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002659"
},
{
"db": "NVD",
"id": "CVE-2008-0461"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-399"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. NOTE: some of these details are obtained from third party information. PHP-Nuke is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. \nSuccessful exploits could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. \n\n----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nPHP-Nuke \"modules/Search/index.php\" SQL Injection\n\nSECUNIA ADVISORY ID:\nSA28624\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/28624/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nManipulation of data, Exposure of sensitive information\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nPHP-Nuke 8.x\nhttp://secunia.com/product/13524/\n\nDESCRIPTION:\nFoster \u0026 1dt.w0lf have discovered a vulnerability in PHP-Nuke, which\ncan be exploited by malicious people to conduct SQL injection\nattacks. This can be\nexploited to manipulate SQL queries by injecting arbitrary SQL code. \n\nSuccessful exploitation allows e.g. retrieving the administrator\npassword hash, but requires that \"magic_quotes_gpc\" is disabled - not\nthe value recommended by the installer - and having knowledge of the\ndatabase table prefix. \n\nThe vulnerability is confirmed in version 8.0. Other versions may\nalso be affected. \n\nSOLUTION:\nEdit the source code to ensure that input is properly sanitised. \n\nSet \"magic_quotes_gpc\" in php.ini to On. \n\nUse another product. \n\nPROVIDED AND/OR DISCOVERED BY:\nFoster \u0026 1dt.w0lf\n\nORIGINAL ADVISORY:\nhttp://milw0rm.com/exploits/4965\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-0461"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002659"
},
{
"db": "BID",
"id": "27408"
},
{
"db": "VULHUB",
"id": "VHN-30586"
},
{
"db": "PACKETSTORM",
"id": "62907"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-30586",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30586"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-0461",
"trust": 2.8
},
{
"db": "BID",
"id": "27408",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "28624",
"trust": 1.9
},
{
"db": "EXPLOIT-DB",
"id": "4965",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2008-0264",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002659",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200801-399",
"trust": 0.7
},
{
"db": "XF",
"id": "39850",
"trust": 0.6
},
{
"db": "MILW0RM",
"id": "4965",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-65150",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-30586",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "62907",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30586"
},
{
"db": "BID",
"id": "27408"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002659"
},
{
"db": "PACKETSTORM",
"id": "62907"
},
{
"db": "NVD",
"id": "CVE-2008-0461"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-399"
}
]
},
"id": "VAR-200801-0029",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-30586"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:15:38.875000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://phpnuke.org/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-002659"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30586"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002659"
},
{
"db": "NVD",
"id": "CVE-2008-0461"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/27408"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/28624"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/4965"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/0264"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39850"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0461"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-0461"
},
{
"trust": 0.6,
"url": "http://www.milw0rm.com/exploits/4965"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/0264"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/39850"
},
{
"trust": 0.3,
"url": "http://phpnuke.org "
},
{
"trust": 0.1,
"url": "http://milw0rm.com/exploits/4965"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/?page=changelog"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13524/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/28624/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30586"
},
{
"db": "BID",
"id": "27408"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002659"
},
{
"db": "PACKETSTORM",
"id": "62907"
},
{
"db": "NVD",
"id": "CVE-2008-0461"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-399"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-30586"
},
{
"db": "BID",
"id": "27408"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002659"
},
{
"db": "PACKETSTORM",
"id": "62907"
},
{
"db": "NVD",
"id": "CVE-2008-0461"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-399"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-01-25T00:00:00",
"db": "VULHUB",
"id": "VHN-30586"
},
{
"date": "2008-01-22T00:00:00",
"db": "BID",
"id": "27408"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-002659"
},
{
"date": "2008-01-24T03:55:21",
"db": "PACKETSTORM",
"id": "62907"
},
{
"date": "2008-01-25T16:00:00",
"db": "NVD",
"id": "CVE-2008-0461"
},
{
"date": "2008-01-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200801-399"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-29T00:00:00",
"db": "VULHUB",
"id": "VHN-30586"
},
{
"date": "2015-05-07T17:33:00",
"db": "BID",
"id": "27408"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-002659"
},
{
"date": "2017-09-29T01:30:17.660000",
"db": "NVD",
"id": "CVE-2008-0461"
},
{
"date": "2008-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200801-399"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200801-399"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PHP-Nuke of Search Module index.php In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-002659"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "sql injection",
"sources": [
{
"db": "PACKETSTORM",
"id": "62907"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-399"
}
],
"trust": 0.7
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…