Details of VAR-200407-0016

ID

VAR-200407-0016

CVE

CVE-2004-0731

TITLE

PHP-Nuke Multiple Input Validation Vulnerabilities

Trust: 0.9

sources: BID: 10367 // CNNVD: CNNVD-200407-063

DESCRIPTION

Cross-site scripting (XSS) vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary script as other users via the input field. PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. An attacker can carry out cross-site scripting and path disclosure attacks. PHP-Nuke is a popular website creation and management tool, it can use many database software as backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. PHP-Nuke incorrectly handles the data submitted by users in many places. A. Path Leakage The \"WebLinks\" module lacks filtering for the \"show\" variable, which can lead to path leaks: http://localhost/nuke73/modules.php?name=Web_Links&l_op=viewlink&cid=1&show=foobar Warning: Division by zero in D:\apache_wwwroot\nuke73\modules\Web_Links\index.php on\line 774 B. Multiple modules lack adequate filtering of variables, which can lead to cross-site scripting attacks and leak sensitive information of target users: http:// localhost/nuke73/modules.php?name=News&file=article&sid=1&optionbox=[xss code \here] http://localhost/nuke73/modules.php?name=Statistics&op=DailyStats&year=2004&month=5&da\te=[xss code here ] http://localhost/nuke73/modules.php?name=Stories_Archive&sa=show_month&year=[xss code\here]&month=05&month_l=May\http://localhost/nuke73/modules

Trust: 1.26

sources: NVD: CVE-2004-0731 // BID: 10367 // VULHUB: VHN-9161

AFFECTED PRODUCTS

vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	8.0_final	Trust: 1.6
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	7.3	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	7.2	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	7.1	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke final	scope:	eq	version:	7.0	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	7.0	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.9	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.7	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.6	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke rc3	scope:	eq	version:	6.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke rc2	scope:	eq	version:	6.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke rc1	scope:	eq	version:	6.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke final	scope:	eq	version:	6.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke beta	scope:	eq	version:	6.51	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.0	Trust: 0.3

sources: BID: 10367 // CNNVD: CNNVD-200407-063 // NVD: CVE-2004-0731

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-0731
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200407-063
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-9161
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2004-0731
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-9161
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-9161 // CNNVD: CNNVD-200407-063 // NVD: CVE-2004-0731

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-0731

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200407-063

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200407-063

EXTERNAL IDS

db:	NVD	id:	CVE-2004-0731	Trust: 2.0
db:	CNNVD	id:	CNNVD-200407-063	Trust: 0.7
db:	BUGTRAQ	id:	20040716 [WARAXE-2004-SA#035 - MULTIPLE SECURITY HOLES IN PHPNUKE - PART 2]	Trust: 0.6
db:	XF	id:	16721	Trust: 0.6
db:	BID	id:	10367	Trust: 0.4
db:	VULHUB	id:	VHN-9161	Trust: 0.1

sources: VULHUB: VHN-9161 // BID: 10367 // CNNVD: CNNVD-200407-063 // NVD: CVE-2004-0731

REFERENCES

url:	http://www.waraxe.us/index.php?modname=sa&id=35	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/16721	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=109002107329823&w=2	Trust: 1.0
url:	http://xforce.iss.net/xforce/xfdb/16721	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=109002107329823&w=2	Trust: 0.6
url:	http://marc.info/?l=bugtraq&m=109002107329823&w=2	Trust: 0.1
url:	http://www.waraxe.us/index.php?modname=sa&id=35	Trust: 0.1

sources: VULHUB: VHN-9161 // CNNVD: CNNVD-200407-063 // NVD: CVE-2004-0731

CREDITS

Janek Vind waraxe※ come2waraxe@yahoo.com

Trust: 0.6

sources: CNNVD: CNNVD-200407-063

SOURCES

db:	VULHUB	id:	VHN-9161
db:	BID	id:	10367
db:	CNNVD	id:	CNNVD-200407-063
db:	NVD	id:	CVE-2004-0731

LAST UPDATE DATE

2024-08-14T13:40:16.005000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-9161	date:	2017-07-11T00:00:00
db:	BID	id:	10367	date:	2009-07-12T17:56:00
db:	CNNVD	id:	CNNVD-200407-063	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-0731	date:	2017-07-11T01:30:25.370

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-9161	date:	2004-07-27T00:00:00
db:	BID	id:	10367	date:	2004-05-17T00:00:00
db:	CNNVD	id:	CNNVD-200407-063	date:	2004-05-17T00:00:00
db:	NVD	id:	CVE-2004-0731	date:	2004-07-27T04:00:00