Details of VAR-200306-0007

ID

VAR-200306-0007

CVE

CVE-2003-0279

TITLE

PHP-Nuke Web_Links Module remote SQL Injection code vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200306-065

DESCRIPTION

Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php. PHP-Nuke is reportedly prone to multiple SQL injection vulnerabilities in the Downloads module. Exploitation could allow for injection of malicious SQL syntax, resulting in modification of SQL query logic or other attacks. It has been reported that multiple input validation bugs exist in the Web_Links module used by PHPNuke. Because of this, a remote user may be able to access the database and potentially gain access to sensitive information. Successful exploitation could result in compromise of the web forums or more severe consequences. PHP-Nuke is a popular website creation and management tool, it can use many database software as backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. If the SQL agent allows users to use the UNION syntax, it is possible to expand any information inside the database through the Web_Links module, including passwords and personal data, but if the UNION syntax cannot be used, the attacker cannot access other SQL tables managed through WEB LINK, so Only some click-through rate and voting information can be obtained

Trust: 1.53

sources: NVD: CVE-2003-0279 // BID: 7588 // BID: 7558 // VULHUB: VHN-7108

AFFECTED PRODUCTS

vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	5.0	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.0	Trust: 1.6
vendor:	francisco	model:	burzi php-nuke rc3	scope:	eq	version:	6.5	Trust: 0.6
vendor:	francisco	model:	burzi php-nuke rc2	scope:	eq	version:	6.5	Trust: 0.6
vendor:	francisco	model:	burzi php-nuke rc1	scope:	eq	version:	6.5	Trust: 0.6
vendor:	francisco	model:	burzi php-nuke final	scope:	eq	version:	6.5	Trust: 0.6
vendor:	francisco	model:	burzi php-nuke beta	scope:	eq	version:	6.51	Trust: 0.6
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.5	Trust: 0.6
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.9	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.7	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.6	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.0	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	5.6	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	5.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	5.4	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	5.3.1	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke a	scope:	eq	version:	5.2	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	5.2	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	5.1	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	5.0	Trust: 0.3

sources: BID: 7588 // BID: 7558 // CNNVD: CNNVD-200306-065 // NVD: CVE-2003-0279

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2003-0279
value:	LOW
Trust: 1.0
CNNVD:	CNNVD-200306-065
value:	LOW
Trust: 0.6
VULHUB:	VHN-7108
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2003-0279
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-7108
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-7108 // CNNVD: CNNVD-200306-065 // NVD: CVE-2003-0279

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0279

THREAT TYPE

network

Trust: 0.6

sources: BID: 7588 // BID: 7558

TYPE

Input Validation Error

Trust: 0.6

sources: BID: 7588 // BID: 7558

EXTERNAL IDS

db:	BID	id:	7588	Trust: 2.0
db:	BID	id:	7558	Trust: 2.0
db:	NVD	id:	CVE-2003-0279	Trust: 1.7
db:	CNNVD	id:	CNNVD-200306-065	Trust: 0.7
db:	XF	id:	11984	Trust: 0.6
db:	BUGTRAQ	id:	20030512 LOT OF SQL INJECTION ON PHP-NUKE 6.5 (SECURE WEBLOG!)	Trust: 0.6
db:	BUGTRAQ	id:	20030513 MORE AND MORE SQL INJECTION ON PHP-NUKE 6.5.	Trust: 0.6
db:	VULHUB	id:	VHN-7108	Trust: 0.1

sources: VULHUB: VHN-7108 // BID: 7588 // BID: 7558 // CNNVD: CNNVD-200306-065 // NVD: CVE-2003-0279

REFERENCES

url:	http://www.securityfocus.com/bid/7558	Trust: 1.7
url:	http://www.securityfocus.com/bid/7588	Trust: 1.7
url:	http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.html	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/11984	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=105276019312980&w=2	Trust: 1.0
url:	http://xforce.iss.net/xforce/xfdb/11984	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=105276019312980&w=2	Trust: 0.6
url:	http://www.irannuke.com/	Trust: 0.3
url:	/archive/1/321358	Trust: 0.3
url:	/archive/1/321181	Trust: 0.3
url:	/archive/1/353291	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=105276019312980&w=2	Trust: 0.1

sources: VULHUB: VHN-7108 // BID: 7588 // BID: 7558 // CNNVD: CNNVD-200306-065 // NVD: CVE-2003-0279

CREDITS

Albert Puigsech Galicia※ ripe@7a69ezine.org

Trust: 0.6

sources: CNNVD: CNNVD-200306-065

SOURCES

db:	VULHUB	id:	VHN-7108
db:	BID	id:	7588
db:	BID	id:	7558
db:	CNNVD	id:	CNNVD-200306-065
db:	NVD	id:	CVE-2003-0279

LAST UPDATE DATE

2024-08-14T15:04:52.148000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-7108	date:	2017-07-11T00:00:00
db:	BID	id:	7588	date:	2003-05-13T00:00:00
db:	BID	id:	7558	date:	2003-05-12T00:00:00
db:	CNNVD	id:	CNNVD-200306-065	date:	2006-09-22T00:00:00
db:	NVD	id:	CVE-2003-0279	date:	2017-07-11T01:29:30.477

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-7108	date:	2003-06-16T00:00:00
db:	BID	id:	7588	date:	2003-05-13T00:00:00
db:	BID	id:	7558	date:	2003-05-12T00:00:00
db:	CNNVD	id:	CNNVD-200306-065	date:	2003-05-12T00:00:00
db:	NVD	id:	CVE-2003-0279	date:	2003-06-16T04:00:00