Details of VAR-200312-0158

ID

VAR-200312-0158

CVE

CVE-2003-1210

TITLE

PHP-Nuke Multiple Downloads Component SQL Injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200312-164

DESCRIPTION

Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function. Exploitation could allow for injection of malicious SQL syntax, resulting in modification of SQL query logic or other attacks

Trust: 1.26

sources: NVD: CVE-2003-1210 // BID: 7588 // VULHUB: VHN-8035

AFFECTED PRODUCTS

vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5_rc2	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5_rc3	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5_rc1	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5_beta1	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5_final	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	6.5	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5	Trust: 0.6
vendor:	francisco	model:	burzi php-nuke rc3	scope:	eq	version:	6.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke rc2	scope:	eq	version:	6.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke rc1	scope:	eq	version:	6.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke final	scope:	eq	version:	6.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke beta	scope:	eq	version:	6.51	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.5	Trust: 0.3

sources: BID: 7588 // CNNVD: CNNVD-200312-164 // NVD: CVE-2003-1210

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2003-1210
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200312-164
value:	HIGH
Trust: 0.6
VULHUB:	VHN-8035
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2003-1210
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-8035
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-8035 // CNNVD: CNNVD-200312-164 // NVD: CVE-2003-1210

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-1210

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200312-164

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-200312-164

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-8035

EXTERNAL IDS

db:	BID	id:	7588	Trust: 2.0
db:	NVD	id:	CVE-2003-1210	Trust: 1.7
db:	CNNVD	id:	CNNVD-200312-164	Trust: 0.7
db:	XF	id:	11984	Trust: 0.6
db:	BUGTRAQ	id:	20030513 MORE AND MORE SQL INJECTION ON PHP-NUKE 6.5.	Trust: 0.6
db:	SEEBUG	id:	SSVID-76396	Trust: 0.1
db:	EXPLOIT-DB	id:	22597	Trust: 0.1
db:	VULHUB	id:	VHN-8035	Trust: 0.1

sources: VULHUB: VHN-8035 // BID: 7588 // CNNVD: CNNVD-200312-164 // NVD: CVE-2003-1210

REFERENCES

url:	http://www.securityfocus.com/bid/7588	Trust: 1.7
url:	http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.html	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/11984	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/11984	Trust: 0.6
url:	http://www.irannuke.com/	Trust: 0.3
url:	/archive/1/321358	Trust: 0.3

sources: VULHUB: VHN-8035 // BID: 7588 // CNNVD: CNNVD-200312-164 // NVD: CVE-2003-1210

CREDITS

Discovery is credited to Albert Puigsech Galicia <ripe@7a69ezine.org>.

Trust: 0.9

sources: BID: 7588 // CNNVD: CNNVD-200312-164

SOURCES

db:	VULHUB	id:	VHN-8035
db:	BID	id:	7588
db:	CNNVD	id:	CNNVD-200312-164
db:	NVD	id:	CVE-2003-1210

LAST UPDATE DATE

2024-08-14T15:04:52.179000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-8035	date:	2017-07-11T00:00:00
db:	BID	id:	7588	date:	2003-05-13T00:00:00
db:	CNNVD	id:	CNNVD-200312-164	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2003-1210	date:	2017-07-11T01:29:50.197

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-8035	date:	2003-12-31T00:00:00
db:	BID	id:	7588	date:	2003-05-13T00:00:00
db:	CNNVD	id:	CNNVD-200312-164	date:	2003-12-31T00:00:00
db:	NVD	id:	CVE-2003-1210	date:	2003-12-31T05:00:00