ID

VAR-200411-0029


CVE

CVE-2004-0269


TITLE

francisco burzi of php-nuke Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2004-000750

DESCRIPTION

SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module. An unspecified vulnerability exists in php-nuke from francisco burzi.

It has been reported that PHPNuke may be prone to a SQL injection vulnerability due to insufficient sanitization of user-supplied input. The problem is reported to exist in the $category variable contained within the 'index.php' page. PHPNuke versions 6.9 and prior have been reported to be prone to this issue; however, other versions may be affected as well.

PHP-Nuke is a popular website creation and management tool that can use many database systems as a backend, such as MySQL, PostgreSQL, mSQL, Interbase, and Sybase. The 'index.php' script included in PHP-Nuke lacks adequate filtering of the parameters submitted by users. When performing a search, the index.php script does not fully filter the data that the user submits in the $category variable. Submitting data containing SQL commands as the $category parameter can change the original database query logic, expose sensitive database information, and modify database content.

Trust: 1.98

sources: NVD: CVE-2004-0269 // JVNDB: JVNDB-2004-000750 // BID: 9630 // VULHUB: VHN-8699

AFFECTED PRODUCTS

vendor: francisco burzi, model: php-nuke, scope: eq, version: 4.4.1a

Trust: 2.4

vendor: francisco burzi, model: php-nuke, scope: eq, version: 2.5

Trust: 2.4

vendor: francisco burzi, model: php-nuke, scope: eq, version: 5.0

Trust: 2.4

vendor: francisco burzi, model: php-nuke, scope: eq, version: 4.4

Trust: 2.4

vendor: francisco burzi, model: php-nuke, scope: eq, version: 6.0

Trust: 2.4

vendor: francisco burzi, model: php-nuke, scope: eq, version: 3.0

Trust: 2.4

vendor: francisco burzi, model: php-nuke, scope: eq, version: 1.0

Trust: 2.4

vendor: francisco burzi, model: php-nuke, scope: eq, version: 4.0

Trust: 2.4

vendor: francisco burzi, model: php-nuke, scope: eq, version: 5.5

Trust: 1.8

vendor: francisco burzi, model: php-nuke, scope: eq, version: 5.2

Trust: 1.8

vendor: francisco burzi, model: php-nuke, scope: eq, version: 5.0.1

Trust: 1.8

vendor: francisco burzi, model: php-nuke, scope: eq, version: 5.4

Trust: 1.8

vendor: francisco burzi, model: php-nuke, scope: eq, version: 6.5

Trust: 1.8

vendor: francisco burzi, model: php-nuke, scope: eq, version: 5.2a

Trust: 1.8

vendor: francisco burzi, model: php-nuke, scope: eq, version: 5.1

Trust: 1.8

vendor: francisco burzi, model: php-nuke, scope: eq, version: 5.6

Trust: 1.8

vendor: francisco burzi, model: php-nuke, scope: eq, version: 4.3

Trust: 1.8

vendor: francisco burzi, model: php-nuke, scope: eq, version: 5.3.1

Trust: 1.8

vendor: francisco burzi, model: php-nuke, scope: eq, version: 6.7

Trust: 1.6

vendor: francisco burzi, model: php-nuke, scope: eq, version: 6.6

Trust: 1.6

vendor: francisco burzi, model: php-nuke, scope: eq, version: 6.5_final

Trust: 1.0

vendor: francisco burzi, model: php-nuke, scope: eq, version: 6.5_beta1

Trust: 1.0

vendor: francisco burzi, model: php-nuke, scope: eq, version: 6.5_rc3

Trust: 1.0

vendor: francisco burzi, model: php-nuke, scope: eq, version: 6.5_rc2

Trust: 1.0

vendor: francisco burzi, model: php-nuke, scope: eq, version: 6.5_rc1

Trust: 1.0

vendor: francisco burzi, model: php-nuke, scope: eq, version: 6.9

Trust: 1.0

vendor: francisco burzi, model: php-nuke, scope: eq, version: -

Trust: 0.8

vendor: francisco burzi, model: php-nuke, scope: -, version: -

Trust: 0.8

vendor: francisco burzi, model: php-nuke, scope: eq, version: 6.5 beta1

Trust: 0.8

vendor: francisco burzi, model: php-nuke, scope: eq, version: 6.5 final

Trust: 0.8

vendor: francisco, model: burzi php-nuke, scope: eq, version: 6.9

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 6.7

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 6.6

Trust: 0.3

vendor: francisco, model: burzi php-nuke rc3, scope: eq, version: 6.5

Trust: 0.3

vendor: francisco, model: burzi php-nuke rc2, scope: eq, version: 6.5

Trust: 0.3

vendor: francisco, model: burzi php-nuke rc1, scope: eq, version: 6.5

Trust: 0.3

vendor: francisco, model: burzi php-nuke final, scope: eq, version: 6.5

Trust: 0.3

vendor: francisco, model: burzi php-nuke beta, scope: eq, version: 6.51

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 6.5

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 6.0

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 5.6

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 5.5

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 5.4

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 5.3.1

Trust: 0.3

vendor: francisco, model: burzi php-nuke a, scope: eq, version: 5.2

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 5.2

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 5.1

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 5.0.1

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 5.0

Trust: 0.3

vendor: francisco, model: burzi php-nuke a, scope: eq, version: 4.4.1

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 4.4

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 4.3

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 4.0

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 3.0

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 2.5

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 1.0

Trust: 0.3

sources: BID: 9630 // JVNDB: JVNDB-2004-000750 // CNNVD: CNNVD-200411-123 // NVD: CVE-2004-0269

CVSS

SEVERITY

nvd@nist.gov: CVE-2004-0269
value: MEDIUM

Trust: 1.0

NVD: CVE-2004-0269
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200411-123
value: MEDIUM

Trust: 0.6

VULHUB: VHN-8699
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2004-0269
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-8699
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

sources: VULHUB: VHN-8699 // JVNDB: JVNDB-2004-000750 // CNNVD: CNNVD-200411-123 // NVD: CVE-2004-0269

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2004-000750 // NVD: CVE-2004-0269

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200411-123

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200411-123

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-8699

EXTERNAL IDS

db: NVD, id: CVE-2004-0269

Trust: 3.6

db: BID, id: 9630

Trust: 2.8

db: JVNDB, id: JVNDB-2004-000750

Trust: 0.8

db: CNNVD, id: CNNVD-200411-123

Trust: 0.7

db: BUGTRAQ, id: 20040210 [SCAN ASSOCIATES SDN BHD SECURITY ADVISORY] PHPNUKE 6.9 > AND BELOW SQL INJECTION IN MULTIPLE MODULE

Trust: 0.6

db: XF, id: 15115

Trust: 0.6

db: SEEBUG, id: SSVID-76388

Trust: 0.1

db: SEEBUG, id: SSVID-77430

Trust: 0.1

db: EXPLOIT-DB, id: 22589

Trust: 0.1

db: EXPLOIT-DB, id: 23680

Trust: 0.1

db: VULHUB, id: VHN-8699

Trust: 0.1

sources: VULHUB: VHN-8699 // BID: 9630 // JVNDB: JVNDB-2004-000750 // CNNVD: CNNVD-200411-123 // NVD: CVE-2004-0269

REFERENCES

url:http://www.securityfocus.com/bid/9630

Trust: 2.5

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/15115

Trust: 1.9

url:http://marc.info/?l=bugtraq&m=107643348117646&w=2

Trust: 1.8

url:http://www.scan-associates.net/papers/phpnuke69.txt

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2004-0269

Trust: 0.8

url:http://marc.theaimsgroup.com/?l=bugtraq&m=107643348117646&w=2

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/15115

Trust: 0.6

url:/archive/1/353291

Trust: 0.3

url:http://marc.info/?l=bugtraq&m=107643348117646&w=2

Trust: 0.1

sources: VULHUB: VHN-8699 // BID: 9630 // JVNDB: JVNDB-2004-000750 // CNNVD: CNNVD-200411-123 // NVD: CVE-2004-0269

CREDITS

pokleyzz※ pokleyzz@scan-associates.net

Trust: 0.6

sources: CNNVD: CNNVD-200411-123

SOURCES

db: VULHUB, id: VHN-8699
db: BID, id: 9630
db: JVNDB, id: JVNDB-2004-000750
db: CNNVD, id: CNNVD-200411-123
db: NVD, id: CVE-2004-0269

LAST UPDATE DATE

2024-08-14T14:48:10.984000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-8699, date: 2017-07-11T00:00:00
db: BID, id: 9630, date: 2009-07-12T02:06:00
db: JVNDB, id: JVNDB-2004-000750, date: 2024-05-27T03:27:00
db: CNNVD, id: CNNVD-200411-123, date: 2005-10-20T00:00:00
db: NVD, id: CVE-2004-0269, date: 2017-07-11T01:30:01.510

SOURCES RELEASE DATE

db: VULHUB, id: VHN-8699, date: 2004-11-23T00:00:00
db: BID, id: 9630, date: 2004-02-10T00:00:00
db: JVNDB, id: JVNDB-2004-000750, date: 2024-05-27T00:00:00
db: CNNVD, id: CNNVD-200411-123, date: 2004-02-10T00:00:00
db: NVD, id: CVE-2004-0269, date: 2004-11-23T05:00:00