Details of VAR-200404-0097

ID

VAR-200404-0097

CVE

CVE-2004-1929

TITLE

francisco burzi of php-nuke Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2004-000962

DESCRIPTION

SQL injection vulnerability in the bblogin function in functions.php in PHP-Nuke 6.x through 7.2 allows remote attackers to bypass authentication and gain access by injecting base64-encoded SQL code into the user parameter. francisco burzi of php-nuke Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Reportedly PHP-Nuke is prone to multiple SQL injection vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied input. As a result of these issues an attacker could modify the logic and structure of database queries. Other attacks may also be possible, such as gaining access to sensitive information

Trust: 1.98

sources: NVD: CVE-2004-1929 // JVNDB: JVNDB-2004-000962 // BID: 10135 // VULHUB: VHN-10358

AFFECTED PRODUCTS

vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.0	Trust: 2.4
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.6	Trust: 2.4
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.7	Trust: 2.4
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5	Trust: 2.4
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.9	Trust: 2.4
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.2	Trust: 1.8
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	5.5	Trust: 1.8
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.0	Trust: 1.8
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.1	Trust: 1.8
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5_rc2	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5_rc3	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5_rc1	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5_beta1	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5_final	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.0_final	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	-	Trust: 0.8
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5 beta1	Trust: 0.8
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5 rc3	Trust: 0.8
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5 rc2	Trust: 0.8
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.0 final	Trust: 0.8
vendor:	francisco burzi	model:	php-nuke	scope:	-	version:	-	Trust: 0.8
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5 final	Trust: 0.8
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5 rc1	Trust: 0.8
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	7.2	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	7.1	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke final	scope:	eq	version:	7.0	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	7.0	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.9	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.7	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.6	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke rc3	scope:	eq	version:	6.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke rc2	scope:	eq	version:	6.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke rc1	scope:	eq	version:	6.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke final	scope:	eq	version:	6.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke beta	scope:	eq	version:	6.51	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.0	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	5.5	Trust: 0.3

sources: BID: 10135 // JVNDB: JVNDB-2004-000962 // CNNVD: CNNVD-200404-022 // NVD: CVE-2004-1929

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-1929
value:	HIGH
Trust: 1.0
NVD:	CVE-2004-1929
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200404-022
value:	HIGH
Trust: 0.6
VULHUB:	VHN-10358
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-1929
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-10358
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-10358 // JVNDB: JVNDB-2004-000962 // CNNVD: CNNVD-200404-022 // NVD: CVE-2004-1929

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2004-000962 // NVD: CVE-2004-1929

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200404-022

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-200404-022

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-10358

EXTERNAL IDS

db:	NVD	id:	CVE-2004-1929	Trust: 3.3
db:	BID	id:	10135	Trust: 2.8
db:	SECUNIA	id:	11347	Trust: 2.5
db:	JVNDB	id:	JVNDB-2004-000962	Trust: 0.8
db:	XF	id:	15839	Trust: 0.6
db:	BUGTRAQ	id:	20040412 [WARAXE-2004-SA#017 - USER-LEVEL AUTHENTICATION BYPASS IN PHPNUKE 6.X-7.2]	Trust: 0.6
db:	CNNVD	id:	CNNVD-200404-022	Trust: 0.6
db:	EXPLOIT-DB	id:	23998	Trust: 0.1
db:	SEEBUG	id:	SSVID-77736	Trust: 0.1
db:	VULHUB	id:	VHN-10358	Trust: 0.1

sources: VULHUB: VHN-10358 // BID: 10135 // JVNDB: JVNDB-2004-000962 // CNNVD: CNNVD-200404-022 // NVD: CVE-2004-1929

REFERENCES

url:	http://www.securityfocus.com/bid/10135	Trust: 2.5
url:	http://secunia.com/advisories/11347	Trust: 2.5
url:	http://www.waraxe.us/index.php?modname=sa&id=17	Trust: 2.4
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/15839	Trust: 1.9
url:	http://marc.info/?l=bugtraq&m=108180111826852&w=2	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2004-1929	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/15839	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=108180111826852&w=2	Trust: 0.6
url:	http://www.zone.ee/waraxe/?modname=sa&id=018	Trust: 0.3
url:	http://www.zone.ee/waraxe/?modname=sa&id=017	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=108180111826852&w=2	Trust: 0.1
url:	http://www.waraxe.us/index.php?modname=sa&id=17	Trust: 0.1

sources: VULHUB: VHN-10358 // BID: 10135 // JVNDB: JVNDB-2004-000962 // CNNVD: CNNVD-200404-022 // NVD: CVE-2004-1929

CREDITS

Disclosure of this issue is credited to Janek Vind "waraxe".

Trust: 0.9

sources: BID: 10135 // CNNVD: CNNVD-200404-022

SOURCES

db:	VULHUB	id:	VHN-10358
db:	BID	id:	10135
db:	JVNDB	id:	JVNDB-2004-000962
db:	CNNVD	id:	CNNVD-200404-022
db:	NVD	id:	CVE-2004-1929

LAST UPDATE DATE

2024-09-05T04:46:58.433000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-10358	date:	2017-07-11T00:00:00
db:	BID	id:	10135	date:	2004-04-13T00:00:00
db:	JVNDB	id:	JVNDB-2004-000962	date:	2024-09-02T09:30:00
db:	CNNVD	id:	CNNVD-200404-022	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-1929	date:	2017-07-11T01:31:28.543

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-10358	date:	2004-04-13T00:00:00
db:	BID	id:	10135	date:	2004-04-13T00:00:00
db:	JVNDB	id:	JVNDB-2004-000962	date:	2024-09-02T00:00:00
db:	CNNVD	id:	CNNVD-200404-022	date:	2004-04-13T00:00:00
db:	NVD	id:	CVE-2004-1929	date:	2004-04-13T04:00:00