Sign-up

ID

VAR-200404-0099


CVE

CVE-2004-1932


TITLE

francisco burzi  of  php-nuke  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2004-000951

DESCRIPTION

SQL injection vulnerability in (1) auth.php and (2) admin.php in PHP-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL code and create an administrator account via base64-encoded SQL in the admin parameter. francisco burzi of php-nuke Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. PHP-Nuke is prone to a sql-injection vulnerability. Files (1) auth.php and (2) admin.php in PHP-Nuke versions 6.x to 7.2 contain SQL injection vulnerabilities

Trust: 1.98

sources: NVD: CVE-2004-1932 // JVNDB: JVNDB-2004-000951 // BID: 82565 // VULHUB: VHN-10360

AFFECTED PRODUCTS

vendor:francisco burzimodel:php-nukescope:eqversion:6.9

Trust: 2.4

vendor:francisco burzimodel:php-nukescope:eqversion:6.7

Trust: 2.4

vendor:francisco burzimodel:php-nukescope:eqversion:6.6

Trust: 2.4

vendor:francisco burzimodel:php-nukescope:eqversion:6.0

Trust: 2.4

vendor:francisco burzimodel:php-nukescope:eqversion:6.5

Trust: 2.4

vendor:francisco burzimodel:php-nukescope:eqversion:7.1

Trust: 1.8

vendor:francisco burzimodel:php-nukescope:eqversion:7.2

Trust: 1.8

vendor:francisco burzimodel:php-nukescope:eqversion:7.0

Trust: 1.8

vendor:francisco burzimodel:php-nukescope:eqversion:6.5_rc2

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:6.5_rc3

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:6.5_rc1

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:6.5_beta1

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:6.5_final

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:7.0_final

Trust: 1.0

vendor:francisco burzimodel:php-nukescope: - version: -

Trust: 0.8

vendor:francisco burzimodel:php-nukescope:eqversion:6.5 rc1

Trust: 0.8

vendor:francisco burzimodel:php-nukescope:eqversion:6.5 beta1

Trust: 0.8

vendor:francisco burzimodel:php-nukescope:eqversion:6.5 rc3

Trust: 0.8

vendor:francisco burzimodel:php-nukescope:eqversion:6.5 final

Trust: 0.8

vendor:francisco burzimodel:php-nukescope:eqversion: -

Trust: 0.8

vendor:francisco burzimodel:php-nukescope:eqversion:6.5 rc2

Trust: 0.8

vendor:francisco burzimodel:php-nukescope:eqversion:7.0 final

Trust: 0.8

vendor:franciscomodel:burzi php-nukescope:eqversion:7.2

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:7.1

Trust: 0.3

vendor:franciscomodel:burzi php-nuke finalscope:eqversion:7.0

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:7.0

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:6.9

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:6.7

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:6.6

Trust: 0.3

vendor:franciscomodel:burzi php-nuke rc3scope:eqversion:6.5

Trust: 0.3

vendor:franciscomodel:burzi php-nuke rc2scope:eqversion:6.5

Trust: 0.3

vendor:franciscomodel:burzi php-nuke rc1scope:eqversion:6.5

Trust: 0.3

vendor:franciscomodel:burzi php-nuke finalscope:eqversion:6.5

Trust: 0.3

vendor:franciscomodel:burzi php-nuke beta1scope:eqversion:6.5

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:6.5

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:6.0

Trust: 0.3

sources: BID: 82565 // JVNDB: JVNDB-2004-000951 // CNNVD: CNNVD-200404-020 // NVD: CVE-2004-1932

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-1932
value: HIGH

Trust: 1.0

NVD: CVE-2004-1932
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200404-020
value: HIGH

Trust: 0.6

VULHUB: VHN-10360
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2004-1932
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-10360
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-10360 // JVNDB: JVNDB-2004-000951 // CNNVD: CNNVD-200404-020 // NVD: CVE-2004-1932

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2004-000951 // NVD: CVE-2004-1932

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200404-020

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-200404-020

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-10360

EXTERNAL IDS
db:NVDid:CVE-2004-1932
Trust: 3.6
db:XFid:15835
Trust: 0.9
db:JVNDBid:JVNDB-2004-000951
Trust: 0.8
db:CNNVDid:CNNVD-200404-020
Trust: 0.7
db:BUGTRAQid:20040412 [WARAXE-2004-SA#018 - ADMIN-LEVEL AUTHENTICATION BYPASS IN PHPNUKE 6.X-7.2]
Trust: 0.6
db:BIDid:82565
Trust: 0.4
db:EXPLOIT-DBid:465
Trust: 0.1
db:VULHUBid:VHN-10360
Trust: 0.1
sources:
            
            
            VULHUB: VHN-10360 // 
            
            
            
            BID: 82565 // 
            
            
            
            JVNDB: JVNDB-2004-000951 // 
            
            
            
            CNNVD: CNNVD-200404-020 // 
            
            
            
            NVD: CVE-2004-1932

REFERENCES
url:http://www.waraxe.us/index.php?modname=sa&id=18
Trust: 2.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/15835
Trust: 1.9
url:http://marc.info/?l=bugtraq&m=108180334918576&w=2
Trust: 1.8
url:http://marc.theaimsgroup.com/?l=bugtraq&m=108180334918576&w=2
Trust: 0.9
url:http://xforce.iss.net/xforce/xfdb/15835
Trust: 0.9
url:https://nvd.nist.gov/vuln/detail/cve-2004-1932
Trust: 0.8
url:http://marc.info/?l=bugtraq&m=108180334918576&w=2
Trust: 0.1
url:http://www.waraxe.us/index.php?modname=sa&id=18
Trust: 0.1
sources:
            
            
            VULHUB: VHN-10360 // 
            
            
            
            BID: 82565 // 
            
            
            
            JVNDB: JVNDB-2004-000951 // 
            
            
            
            CNNVD: CNNVD-200404-020 // 
            
            
            
            NVD: CVE-2004-1932

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 82565

SOURCES
db:VULHUBid:VHN-10360
db:BIDid:82565
db:JVNDBid:JVNDB-2004-000951
db:CNNVDid:CNNVD-200404-020
db:NVDid:CVE-2004-1932

LAST UPDATE DATE
2024-11-23T22:28:48.103000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-10360date:2017-07-11T00:00:00
db:BIDid:82565date:2004-04-12T00:00:00
db:JVNDBid:JVNDB-2004-000951date:2024-09-02T01:11:00
db:CNNVDid:CNNVD-200404-020date:2005-10-20T00:00:00
db:NVDid:CVE-2004-1932date:2024-11-20T23:52:05.343

SOURCES RELEASE DATE
db:VULHUBid:VHN-10360date:2004-04-12T00:00:00
db:BIDid:82565date:2004-04-12T00:00:00
db:JVNDBid:JVNDB-2004-000951date:2024-09-02T00:00:00
db:CNNVDid:CNNVD-200404-020date:2004-04-12T00:00:00
db:NVDid:CVE-2004-1932date:2004-04-12T04:00:00