CVE-2003-0279

Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/7558
http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.html
http://www.securityfocus.com/bid/7588
http://marc.info/?l=bugtraq&m=105276019312980&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/11984

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:francisco_burzi:php-nuke:5.0:::::::*
	cpe:2.3:a:francisco_burzi:php-nuke:6.0:::::::*

Information

Published : 2003-06-15 21:00

Updated : 2017-07-10 18:29

NVD link : CVE-2003-0279

Mitre link : CVE-2003-0279

JSON object : View

CWE

NVD-CWE-Other

Products Affected

francisco_burzi

php-nuke

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/7558", "name": "7558", "tags": [], "refsource": "BID"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.html", "name": "20030513 More and More SQL injection on PHP-Nuke 6.5.", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/bid/7588", "name": "7588", "tags": [], "refsource": "BID"}, {"url": "http://marc.info/?l=bugtraq&m=105276019312980&w=2", "name": "20030512 Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!)", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11984", "name": "phpnuke-web-sql-injection(11984)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2003-0279", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2003-06-16T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:29Z"}

2.6 /10