Sign-up

ID

VAR-200411-0123


CVE

CVE-2004-0266


TITLE

PHP-Nuke Public Message SQL Injection Vulnerability

Trust: 0.9

sources: BID: 9615 // CNNVD: CNNVD-200411-090

DESCRIPTION

SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter. francisco burzi of php-nuke Exists in unspecified vulnerabilities.None. The issue is due to improper sanitization of user-defined parameters supplied to the module. As a result, an attacker could modify the logic and structure of database queries. Other attacks may also be possible, such as gaining access to sensitive information

Trust: 1.98

sources: NVD: CVE-2004-0266 // JVNDB: JVNDB-2004-000749 // BID: 9615 // VULHUB: VHN-8696

AFFECTED PRODUCTS

vendor:francisco burzimodel:php-nukescope:eqversion:6.6

Trust: 2.4

vendor:francisco burzimodel:php-nukescope:eqversion:7.0

Trust: 2.4

vendor:francisco burzimodel:php-nukescope:eqversion:6.9

Trust: 2.4

vendor:francisco burzimodel:php-nukescope:eqversion:7.1

Trust: 2.4

vendor:francisco burzimodel:php-nukescope:eqversion:6.7

Trust: 2.4

vendor:francisco burzimodel:php-nukescope:eqversion:6.0

Trust: 1.8

vendor:francisco burzimodel:php-nukescope:eqversion:6.5

Trust: 1.8

vendor:francisco burzimodel:php-nukescope:eqversion:6.5_rc2

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:6.5_rc3

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:6.5_rc1

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:6.5_final

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:7.0_final

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:6.5_beta1

Trust: 1.0

vendor:francisco burzimodel:php-nukescope:eqversion: -

Trust: 0.8

vendor:francisco burzimodel:php-nukescope:eqversion:6.5 rc1

Trust: 0.8

vendor:francisco burzimodel:php-nukescope: - version: -

Trust: 0.8

vendor:francisco burzimodel:php-nukescope:eqversion:6.5 beta1

Trust: 0.8

vendor:francisco burzimodel:php-nukescope:eqversion:7.0 final

Trust: 0.8

vendor:francisco burzimodel:php-nukescope:eqversion:6.5 final

Trust: 0.8

vendor:francisco burzimodel:php-nukescope:eqversion:6.5 rc3

Trust: 0.8

vendor:francisco burzimodel:php-nukescope:eqversion:6.5 rc2

Trust: 0.8

vendor:franciscomodel:burzi php-nukescope:eqversion:7.1

Trust: 0.3

vendor:franciscomodel:burzi php-nuke finalscope:eqversion:7.0

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:7.0

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:6.9

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:6.7

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:6.6

Trust: 0.3

vendor:franciscomodel:burzi php-nuke rc3scope:eqversion:6.5

Trust: 0.3

vendor:franciscomodel:burzi php-nuke rc2scope:eqversion:6.5

Trust: 0.3

vendor:franciscomodel:burzi php-nuke rc1scope:eqversion:6.5

Trust: 0.3

vendor:franciscomodel:burzi php-nuke finalscope:eqversion:6.5

Trust: 0.3

vendor:franciscomodel:burzi php-nuke betascope:eqversion:6.51

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:6.5

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:6.0

Trust: 0.3

sources: BID: 9615 // JVNDB: JVNDB-2004-000749 // CNNVD: CNNVD-200411-090 // NVD: CVE-2004-0266

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-0266
value: MEDIUM

Trust: 1.0

NVD: CVE-2004-0266
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200411-090
value: MEDIUM

Trust: 0.6

VULHUB: VHN-8696
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2004-0266
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-8696
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-8696 // JVNDB: JVNDB-2004-000749 // CNNVD: CNNVD-200411-090 // NVD: CVE-2004-0266

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2004-000749 // NVD: CVE-2004-0266

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200411-090

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-200411-090

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-8696

EXTERNAL IDS
db:NVDid:CVE-2004-0266
Trust: 3.6
db:BIDid:9615
Trust: 2.8
db:JVNDBid:JVNDB-2004-000749
Trust: 0.8
db:CNNVDid:CNNVD-200411-090
Trust: 0.7
db:XFid:15080
Trust: 0.6
db:BUGTRAQid:20040208 [WARAXE-2004-SA#003] - SQL INJECTION IN PHP-NUKE 7.1.0
Trust: 0.6
db:SEEBUGid:SSVID-77420
Trust: 0.1
db:EXPLOIT-DBid:23670
Trust: 0.1
db:VULHUBid:VHN-8696
Trust: 0.1
sources:
            
            
            VULHUB: VHN-8696 // 
            
            
            
            BID: 9615 // 
            
            
            
            JVNDB: JVNDB-2004-000749 // 
            
            
            
            CNNVD: CNNVD-200411-090 // 
            
            
            
            NVD: CVE-2004-0266

REFERENCES
url:http://www.securityfocus.com/bid/9615
Trust: 2.5
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/15080
Trust: 1.9
url:http://marc.info/?l=bugtraq&m=107635110327066&w=2
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2004-0266
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/15080
Trust: 0.6
url:http://marc.theaimsgroup.com/?l=bugtraq&m=107635110327066&w=2
Trust: 0.6
url:/archive/1/353201
Trust: 0.3
url:http://marc.info/?l=bugtraq&m=107635110327066&w=2
Trust: 0.1
sources:
            
            
            VULHUB: VHN-8696 // 
            
            
            
            BID: 9615 // 
            
            
            
            JVNDB: JVNDB-2004-000749 // 
            
            
            
            CNNVD: CNNVD-200411-090 // 
            
            
            
            NVD: CVE-2004-0266

CREDITS
Discovery of this issue has been credited to Janek Vind <come2waraxe@yahoo.com>.
Trust: 0.9
sources:
            
            
            BID: 9615 // 
            
            
            
            CNNVD: CNNVD-200411-090

SOURCES
db:VULHUBid:VHN-8696
db:BIDid:9615
db:JVNDBid:JVNDB-2004-000749
db:CNNVDid:CNNVD-200411-090
db:NVDid:CVE-2004-0266

LAST UPDATE DATE
2024-08-14T14:35:51.736000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-8696date:2017-07-19T00:00:00
db:BIDid:9615date:2009-07-12T02:06:00
db:JVNDBid:JVNDB-2004-000749date:2024-05-27T03:26:00
db:CNNVDid:CNNVD-200411-090date:2005-10-20T00:00:00
db:NVDid:CVE-2004-0266date:2017-07-19T01:29:00.753

SOURCES RELEASE DATE
db:VULHUBid:VHN-8696date:2004-11-23T00:00:00
db:BIDid:9615date:2004-02-09T00:00:00
db:JVNDBid:JVNDB-2004-000749date:2024-05-27T00:00:00
db:CNNVDid:CNNVD-200411-090date:2004-11-23T00:00:00
db:NVDid:CVE-2004-0266date:2004-11-23T05:00:00