Sign-up

ID

VAR-200412-0933


CVE

CVE-2004-2020


TITLE

PHP-Nuke Multiple input validation vulnerabilities

Trust: 0.6

sources: CNNVD: CNNVD-200412-204

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2) date parameter in the Statistics module, (3) year, month, and month_1 parameters in the Stories_Archive module, (4) mode, order, and thold parameters in the Surveys module, or (5) a SQL statement to index.php, as processed by mainfile.php. PHP-Nuke is a popular website creation and management tool, it can use many database software as backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. PHP-Nuke incorrectly handles the data submitted by users in many places. Remote attackers can use this vulnerability to conduct cross-site scripting, path disclosure, sensitive information disclosure and other attacks. A. Path Leakage The \"WebLinks\" module lacks filtering for the \"show\" variable, which can lead to path leaks: http://localhost/nuke73/modules.php?name=Web_Links&l_op=viewlink&cid=1&show=foobar Warning: Division by zero in D:\apache_wwwroot\nuke73\modules\Web_Links\index.php on\line 774 B. Multiple modules lack adequate filtering of variables, which can lead to cross-site scripting attacks and leak sensitive information of target users: http:// localhost/nuke73/modules.php?name=News&file=article&sid=1&optionbox=[xss code \here] http://localhost/nuke73/modules.php?name=Statistics&op=DailyStats&year=2004&month=5&da\te=[xss code here ] http://localhost/nuke73/modules.php?name=Stories_Archive&sa=show_month&year=[xss code\here]&month=05&month_l=May\http://localhost/nuke73/modules

Trust: 0.99

sources: NVD: CVE-2004-2020 // VULHUB: VHN-10448

AFFECTED PRODUCTS

vendor:francisco burzimodel:php-nukescope:eqversion:6.7

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:7.0

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:7.2

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:6.6

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:7.3

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:6.5_rc2

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:6.5_rc3

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:7.1

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:6.9

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:7.0_final

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:6.5_final

Trust: 1.0

vendor:francisco burzimodel:php-nukescope:eqversion:6.0

Trust: 1.0

vendor:francisco burzimodel:php-nukescope:eqversion:6.5_rc1

Trust: 1.0

vendor:francisco burzimodel:php-nukescope:eqversion:6.5

Trust: 1.0

vendor:francisco burzimodel:php-nukescope:eqversion:6.5_beta1

Trust: 1.0

sources: CNNVD: CNNVD-200412-204 // NVD: CVE-2004-2020

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-2020
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200412-204
value: MEDIUM

Trust: 0.6

VULHUB: VHN-10448
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2004-2020
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-10448
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-10448 // CNNVD: CNNVD-200412-204 // NVD: CVE-2004-2020

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-2020

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-204

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200412-204

EXTERNAL IDS

db:OSVDBid:6226

Trust: 1.7

db:OSVDBid:6225

Trust: 1.7

db:NVDid:CVE-2004-2020

Trust: 1.7

db:BIDid:10367

Trust: 1.7

db:SECUNIAid:11625

Trust: 1.7

db:CNNVDid:CNNVD-200412-204

Trust: 0.7

db:XFid:16172

Trust: 0.6

db:BUGTRAQid:20040517 [WARAXE-2004-SA#030 - MULTIPLE VULNERABILITIES IN PHPNUKE 6.X - 7.3]

Trust: 0.6

db:NSFOCUSid:6459

Trust: 0.6

db:VULHUBid:VHN-10448

Trust: 0.1

sources: VULHUB: VHN-10448 // CNNVD: CNNVD-200412-204 // NVD: CVE-2004-2020

REFERENCES

url:http://www.securityfocus.com/bid/10367

Trust: 1.7

url:http://www.osvdb.org/6225

Trust: 1.7

url:http://www.osvdb.org/6226

Trust: 1.7

url:http://secunia.com/advisories/11625

Trust: 1.7

url:http://www.waraxe.us/index.php?modname=sa&id=29

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/16172

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=108482957715299&w=2

Trust: 1.0

url:http://xforce.iss.net/xforce/xfdb/16172

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=108482957715299&w=2

Trust: 0.6

url:http://www.nsfocus.net/vulndb/6459

Trust: 0.6

url:http://marc.info/?l=bugtraq&m=108482957715299&w=2

Trust: 0.1

url:http://www.waraxe.us/index.php?modname=sa&id=29

Trust: 0.1

sources: VULHUB: VHN-10448 // CNNVD: CNNVD-200412-204 // NVD: CVE-2004-2020

CREDITS

Janek Vind waraxe※ come2waraxe@yahoo.com

Trust: 0.6

sources: CNNVD: CNNVD-200412-204

SOURCES

db:VULHUBid:VHN-10448
db:CNNVDid:CNNVD-200412-204
db:NVDid:CVE-2004-2020

LAST UPDATE DATE

2024-08-14T13:40:15.959000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-10448date:2017-07-19T00:00:00
db:CNNVDid:CNNVD-200412-204date:2005-10-20T00:00:00
db:NVDid:CVE-2004-2020date:2017-07-19T01:29:01.017

SOURCES RELEASE DATE

db:VULHUBid:VHN-10448date:2004-12-31T00:00:00
db:CNNVDid:CNNVD-200412-204date:2004-05-17T00:00:00
db:NVDid:CVE-2004-2020date:2004-12-31T05:00:00