Sign-up

ID

VAR-200412-0578


CVE

CVE-2004-2294


TITLE

PHP-Nuke Multiple Input Validation Vulnerabilities

Trust: 0.9

sources: BID: 10524 // CNNVD: CNNVD-200412-182

DESCRIPTION

Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences in the text parameter, which is checked for dangerous sequences before it is canonicalized, leading to a cross-site scripting (XSS) vulnerability. PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application: PHP-Nuke is prone to multiple cross-site scripting vulnerabilities. These issues affect the 'Faq', 'Encyclopedia' and 'Reviews' modules. These cross-site scripting issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If a user follows the malicious link, the attacker-supplied code executes in the Web browser of the victim computer. PHP-Nuke is prone to an SQL Injection Vulnerability. Again the issue is due to a failure of the application to properly sanitize user-supplied input. The problem presents itself when SQL syntax is passed through the a parameter of the 'Reviews' module. As a result of this issue an attacker could modify the logic and structure of database queries. Finally a remote denial of service vulnerability is reported to exist in the score subsystem of the 'Review' module of PHP-Nuke, it is reported that a large number supplied as a value for a parameter passed to the 'Reviews' module will deny service to legitimate PHP-Nuke users. The send_review function in the Reviews module of PHP-Nuke 6.0 to 7.3 has a Canonicalize-before-filter error vulnerability

Trust: 1.26

sources: NVD: CVE-2004-2294 // BID: 10524 // VULHUB: VHN-10722

AFFECTED PRODUCTS

vendor:francisco burzimodel:php-nukescope:eqversion:6.7

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:7.0

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:7.2

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:6.6

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:7.3

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:6.5_rc2

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:6.5_rc3

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:7.1

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:6.9

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:7.0_final

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:6.5_final

Trust: 1.0

vendor:francisco burzimodel:php-nukescope:eqversion:6.0

Trust: 1.0

vendor:francisco burzimodel:php-nukescope:eqversion:6.5_rc1

Trust: 1.0

vendor:francisco burzimodel:php-nukescope:eqversion:6.5

Trust: 1.0

vendor:francisco burzimodel:php-nukescope:eqversion:6.5_beta1

Trust: 1.0

vendor:franciscomodel:burzi php-nukescope:eqversion:7.3

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:7.2

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:7.1

Trust: 0.3

vendor:franciscomodel:burzi php-nuke finalscope:eqversion:7.0

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:7.0

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:6.9

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:6.7

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:6.6

Trust: 0.3

vendor:franciscomodel:burzi php-nuke rc3scope:eqversion:6.5

Trust: 0.3

vendor:franciscomodel:burzi php-nuke rc2scope:eqversion:6.5

Trust: 0.3

vendor:franciscomodel:burzi php-nuke rc1scope:eqversion:6.5

Trust: 0.3

vendor:franciscomodel:burzi php-nuke finalscope:eqversion:6.5

Trust: 0.3

vendor:franciscomodel:burzi php-nuke betascope:eqversion:6.51

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:6.5

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:6.0

Trust: 0.3

sources: BID: 10524 // CNNVD: CNNVD-200412-182 // NVD: CVE-2004-2294

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-2294
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200412-182
value: MEDIUM

Trust: 0.6

VULHUB: VHN-10722
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2004-2294
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-10722
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-10722 // CNNVD: CNNVD-200412-182 // NVD: CVE-2004-2294

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-2294

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-182

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200412-182

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-10722

EXTERNAL IDS
db:BIDid:10524
Trust: 2.0
db:OSVDBid:6999
Trust: 1.7
db:SECUNIAid:11852
Trust: 1.7
db:NVDid:CVE-2004-2294
Trust: 1.7
db:CNNVDid:CNNVD-200412-182
Trust: 0.7
db:BUGTRAQid:20040611 [WARAXE-2004-SA#032 - MULTIPLE SECURITY FLAWS IN PHPNUKE 6.X - 7.3]
Trust: 0.6
db:SEEBUGid:SSVID-77927
Trust: 0.1
db:EXPLOIT-DBid:24194
Trust: 0.1
db:VULHUBid:VHN-10722
Trust: 0.1
sources:
            
            
            VULHUB: VHN-10722 // 
            
            
            
            BID: 10524 // 
            
            
            
            CNNVD: CNNVD-200412-182 // 
            
            
            
            NVD: CVE-2004-2294

REFERENCES
url:http://www.securityfocus.com/bid/10524
Trust: 1.7
url:http://www.securityfocus.com/archive/1/365865
Trust: 1.7
url:http://www.osvdb.org/6999
Trust: 1.7
url:http://secunia.com/advisories/11852
Trust: 1.7
url:http://www.irannuke.com/
Trust: 0.3
url:/archive/1/365865
Trust: 0.3
sources:
            
            
            VULHUB: VHN-10722 // 
            
            
            
            BID: 10524 // 
            
            
            
            CNNVD: CNNVD-200412-182 // 
            
            
            
            NVD: CVE-2004-2294

CREDITS
Discovery of these vulnerabilities is credited to Janek Vind <come2waraxe@yahoo.com>.
Trust: 0.9
sources:
            
            
            BID: 10524 // 
            
            
            
            CNNVD: CNNVD-200412-182

SOURCES
db:VULHUBid:VHN-10722
db:BIDid:10524
db:CNNVDid:CNNVD-200412-182
db:NVDid:CVE-2004-2294

LAST UPDATE DATE
2024-08-14T14:48:10.183000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-10722date:2008-09-05T00:00:00
db:BIDid:10524date:2004-06-11T00:00:00
db:CNNVDid:CNNVD-200412-182date:2005-10-20T00:00:00
db:NVDid:CVE-2004-2294date:2008-09-05T20:43:44

SOURCES RELEASE DATE
db:VULHUBid:VHN-10722date:2004-12-31T00:00:00
db:BIDid:10524date:2004-06-11T00:00:00
db:CNNVDid:CNNVD-200412-182date:2004-12-31T00:00:00
db:NVDid:CVE-2004-2294date:2004-12-31T05:00:00