ID

VAR-200211-0013


CVE

CVE-2002-1242


TITLE

PHP-Nuke SQL Insert modify any user information vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200211-025

DESCRIPTION

SQL injection vulnerability in PHP-Nuke before 6.0 allows remote authenticated users to modify the database and gain privileges via the "bio" argument to modules.php. A SQL injection vulnerability has been reported for PHP-Nuke 5.6. The vulnerability is due to insufficient sanitization of variables used to construct SQL queries in some scripts. It is possible to modify the logic of SQL queries through malformed query strings in requests for the vulnerable script. By injecting SQL code into variables, it may be possible for an attacker to corrupt database information. PHP-Nuke is a website creation and management tool that can use many database systems as its backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. An attacker can bypass the reference by inserting ''\'' in the "bio" field, resulting in SQL injection. The following operations can modify the password of any PHP-NUKE user to "1"

Trust: 1.26

sources: NVD: CVE-2002-1242 // BID: 6088 // VULHUB: VHN-5627

AFFECTED PRODUCTS

vendor: francisco burzi, model: php-nuke, scope: eq, version: 5.6

Trust: 1.6

vendor: francisco, model: burzi php-nuke, scope: eq, version: 5.6

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: ne, version: 6.0

Trust: 0.3

sources: BID: 6088 // CNNVD: CNNVD-200211-025 // NVD: CVE-2002-1242

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-1242
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200211-025
value: HIGH

Trust: 0.6

VULHUB: VHN-5627
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2002-1242
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-5627
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-5627 // CNNVD: CNNVD-200211-025 // NVD: CVE-2002-1242

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1242

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200211-025

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200211-025

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-5627

EXTERNAL IDS

db: BID, id: 6088

Trust: 2.0

db: NVD, id: CVE-2002-1242

Trust: 2.0

db: OSVDB, id: 6244

Trust: 1.7

db: CNNVD, id: CNNVD-200211-025

Trust: 0.7

db: BUGTRAQ, id: 20021101 IDEFENSE SECURITY ADVISORY 10.31.02C: PHP-NUKE SQL INJECTION VULNERABILITY

Trust: 0.6

db: XF, id: 10516

Trust: 0.6

db: VULNWATCH, id: 20021101 IDEFENSE SECURITY ADVISORY 10.31.02C: PHP-NUKE SQL INJECTION VULNERABILITY

Trust: 0.6

db: EXPLOIT-DB, id: 21977

Trust: 0.1

db: VULHUB, id: VHN-5627

Trust: 0.1

sources: VULHUB: VHN-5627 // BID: 6088 // CNNVD: CNNVD-200211-025 // NVD: CVE-2002-1242

REFERENCES

url:http://www.securityfocus.com/bid/6088

Trust: 1.7

url:http://www.idefense.com/advisory/10.31.02c.txt

Trust: 1.7

url:http://www.osvdb.org/6244

Trust: 1.7

url:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0051.html

Trust: 1.7

url:http://www.iss.net/security_center/static/10516.php

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=103616324103171&w=2

Trust: 1.1

url:http://marc.theaimsgroup.com/?l=bugtraq&m=103616324103171&w=2

Trust: 0.6

url:/archive/1/298193

Trust: 0.3

sources: VULHUB: VHN-5627 // BID: 6088 // CNNVD: CNNVD-200211-025 // NVD: CVE-2002-1242

CREDITS

kill9 kill9@hackers.com

Trust: 0.6

sources: CNNVD: CNNVD-200211-025

SOURCES

db: VULHUB, id: VHN-5627
db: BID, id: 6088
db: CNNVD, id: CNNVD-200211-025
db: NVD, id: CVE-2002-1242

LAST UPDATE DATE

2024-08-14T15:15:10.842000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-5627, date: 2016-10-18T00:00:00
db: BID, id: 6088, date: 2009-07-11T18:06:00
db: CNNVD, id: CNNVD-200211-025, date: 2012-11-30T00:00:00
db: NVD, id: CVE-2002-1242, date: 2016-10-18T02:25:09.823

SOURCES RELEASE DATE

db: VULHUB, id: VHN-5627, date: 2002-11-12T00:00:00
db: BID, id: 6088, date: 2002-11-01T00:00:00
db: CNNVD, id: CNNVD-200211-025, date: 2002-10-31T00:00:00
db: NVD, id: CVE-2002-1242, date: 2002-11-12T05:00:00