CVE-2005-3304

Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the Web_Links module.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://rgod.altervista.org/phpnuke78sql.html	Exploit Vendor Advisory
http://secunia.com/advisories/17315/	Vendor Advisory
http://www.securityfocus.com/bid/15178
http://www.osvdb.org/20291
http://www.osvdb.org/20292
http://www.osvdb.org/20293
http://www.vupen.com/english/advisories/2005/2191
http://marc.info/?l=bugtraq&m=113017049702436&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/22851

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:francisco_burzi:php-nuke:7.8:*:*:*:*:*:*:*

Information

Published : 2005-10-25 18:02

Updated : 2017-07-10 18:33

NVD link : CVE-2005-3304

Mitre link : CVE-2005-3304

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

francisco_burzi

php-nuke

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://rgod.altervista.org/phpnuke78sql.html", "name": "http://rgod.altervista.org/phpnuke78sql.html", "tags": ["Exploit", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/17315/", "name": "17315", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/15178", "name": "15178", "tags": [], "refsource": "BID"}, {"url": "http://www.osvdb.org/20291", "name": "20291", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/20292", "name": "20292", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/20293", "name": "20293", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2005/2191", "name": "ADV-2005-2191", "tags": [], "refsource": "VUPEN"}, {"url": "http://marc.info/?l=bugtraq&m=113017049702436&w=2", "name": "20051023 PhpNuke 7.8 with all security fixes/patches \"Your_Account\",", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22851", "name": "phpnuke-multiple-modules-sql-injection(22851)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the Web_Links module."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-3304", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2005-10-26T01:02Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:33Z"}