ID

VAR-200404-0066


CVE

CVE-2004-1972


TITLE

PHP-Nuke Multiple Video Gallery Module SQL Injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200404-095

DESCRIPTION

SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to execute arbitrary SQL code via the (1) clipid or (2) catid parameters in a viewclip, viewcat, or voteclip action. This is due to a failure of the application to properly sanitize user-supplied input prior to using it in an SQL query. These issues may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information such as the administrator password hash or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.

Trust: 1.26

sources: NVD: CVE-2004-1972 // BID: 10215 // VULHUB: VHN-10400

AFFECTED PRODUCTS

vendor: francisco burzi, model: php-nuke, scope: eq, version: 7.2

Trust: 1.6

vendor: francisco, model: burzi php-nuke, scope: eq, version: 7.2

Trust: 0.3

sources: BID: 10215 // CNNVD: CNNVD-200404-095 // NVD: CVE-2004-1972

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-1972
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200404-095
value: HIGH

Trust: 0.6

VULHUB: VHN-10400
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2004-1972
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-10400
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-10400 // CNNVD: CNNVD-200404-095 // NVD: CVE-2004-1972

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1972

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200404-095

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-200404-095

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-10400

EXTERNAL IDS

db: BID, id: 10215

Trust: 2.0

db: NVD, id: CVE-2004-1972

Trust: 1.7

db: CNNVD, id: CNNVD-200404-095

Trust: 0.7

db: BUGTRAQ, id: 20040426 MULTIPLE VULNERABILITIES PHP-NUKE VIDEO GALLERY MODULE FOR PHP-NUKE

Trust: 0.6

db: XF, id: 15979

Trust: 0.6

db: EXPLOIT-DB, id: 24060

Trust: 0.1

db: SEEBUG, id: SSVID-77798

Trust: 0.1

db: VULHUB, id: VHN-10400

Trust: 0.1

sources: VULHUB: VHN-10400 // BID: 10215 // CNNVD: CNNVD-200404-095 // NVD: CVE-2004-1972

REFERENCES

url:http://www.securityfocus.com/bid/10215

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/15979

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=108308660628557&w=2

Trust: 1.0

url:http://xforce.iss.net/xforce/xfdb/15979

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=108308660628557&w=2

Trust: 0.6

url:http://www.irannuke.com/

Trust: 0.3

url:/archive/1/361562

Trust: 0.3

url:http://marc.info/?l=bugtraq&m=108308660628557&w=2

Trust: 0.1

sources: VULHUB: VHN-10400 // BID: 10215 // CNNVD: CNNVD-200404-095 // NVD: CVE-2004-1972

CREDITS

Disclosure of this issue is credited to "k1LL3r B0y" <k1ll3rb0y@hotmail.com>.

Trust: 0.9

sources: BID: 10215 // CNNVD: CNNVD-200404-095

SOURCES

db: VULHUB, id: VHN-10400
db: BID, id: 10215
db: CNNVD, id: CNNVD-200404-095
db: NVD, id: CVE-2004-1972

LAST UPDATE DATE

2024-08-14T14:08:59.806000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-10400, date: 2017-07-11T00:00:00
db: BID, id: 10215, date: 2004-04-26T00:00:00
db: CNNVD, id: CNNVD-200404-095, date: 2005-10-20T00:00:00
db: NVD, id: CVE-2004-1972, date: 2017-07-11T01:31:30.903

SOURCES RELEASE DATE

db: VULHUB, id: VHN-10400, date: 2004-04-26T00:00:00
db: BID, id: 10215, date: 2004-04-26T00:00:00
db: CNNVD, id: CNNVD-200404-095, date: 2004-04-26T00:00:00
db: NVD, id: CVE-2004-1972, date: 2004-04-26T04:00:00