Details of VAR-200412-1226

ID

VAR-200412-1226

CVE

CVE-2004-1842

TITLE

PHP-Nuke Image Tag management command execution vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200412-738

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php. It has been reported that PHP-Nuke is prone to a remote admin command execution vulnerability. This issue is due to a design error that allows an attacker to specify arbitrary URI values in bbCode tags contained within posts. This issue may be leveraged to force an admin user viewing a malicious post to perform some query to the affected application such as adding a user or removing arbitrary data from the database. PHP-Nuke is a popular website creation and management tool, it can use many database software as backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. There is a design error in PHP-Nuke's handling of the bbCode tag in POST, which can be exploited by remote attackers to execute remote management commands. PHP-Nuke uses bbCode tags to support images, HTML, etc., but the processing of any Image tags specified by users is incorrect, which can lead to the execution of arbitrary remote commands, such as attackers can submit malicious POST requests to add or delete users from the database

Trust: 1.35

sources: NVD: CVE-2004-1842 // BID: 9895 // VULHUB: VHN-10271 // VULMON: CVE-2004-1842

AFFECTED PRODUCTS

vendor:	phpnuke	model:	php-nuke	scope:	lte	version:	7.1	Trust: 1.0
vendor:	phpnuke	model:	php-nuke	scope:	gte	version:	6.0	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.7	Trust: 0.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.9	Trust: 0.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.0	Trust: 0.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.6	Trust: 0.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5_rc2	Trust: 0.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5_rc3	Trust: 0.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5_rc1	Trust: 0.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.1	Trust: 0.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5_final	Trust: 0.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.0_final	Trust: 0.6
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	7.1	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke final	scope:	eq	version:	7.0	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	7.0	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.9	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.7	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.6	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke rc3	scope:	eq	version:	6.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke rc2	scope:	eq	version:	6.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke rc1	scope:	eq	version:	6.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke final	scope:	eq	version:	6.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke beta	scope:	eq	version:	6.51	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.0	Trust: 0.3

sources: BID: 9895 // CNNVD: CNNVD-200412-738 // NVD: CVE-2004-1842

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-1842
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200412-738
value:	HIGH
Trust: 0.6
VULHUB:	VHN-10271
value:	HIGH
Trust: 0.1
VULMON:	CVE-2004-1842
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-1842
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-10271
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1
VULMON:	CVE-2004-1842
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2004-1842
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-10271 // VULMON: CVE-2004-1842 // CNNVD: CNNVD-200412-738 // NVD: CVE-2004-1842

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.0

sources: NVD: CVE-2004-1842

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-738

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200412-738

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-10271 // VULMON: CVE-2004-1842

PATCH

title:

url:

https://github.com/faizhaffizudin/Case-Study-Hamsa

Trust: 0.1

sources: VULMON: CVE-2004-1842

EXTERNAL IDS

db:	BID	id:	9895	Trust: 2.1
db:	SECUNIA	id:	11195	Trust: 1.8
db:	NVD	id:	CVE-2004-1842	Trust: 1.8
db:	CNNVD	id:	CNNVD-200412-738	Trust: 0.7
db:	XF	id:	15596	Trust: 0.6
db:	NSFOCUS	id:	6194	Trust: 0.6
db:	BUGTRAQ	id:	20040322 [WARAXE-2004-SA#008 - EASY WAY TO GET SUPERADMIN RIGHTS IN PHPNUKE 6.X-7.1.0]	Trust: 0.6
db:	EXPLOIT-DB	id:	23835	Trust: 0.2
db:	SEEBUG	id:	SSVID-77580	Trust: 0.1
db:	VULHUB	id:	VHN-10271	Trust: 0.1
db:	VULMON	id:	CVE-2004-1842	Trust: 0.1

sources: VULHUB: VHN-10271 // VULMON: CVE-2004-1842 // BID: 9895 // CNNVD: CNNVD-200412-738 // NVD: CVE-2004-1842

REFERENCES

url:	http://www.securityfocus.com/bid/9895	Trust: 1.8
url:	http://secunia.com/advisories/11195	Trust: 1.8
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/15596	Trust: 1.2
url:	http://marc.info/?l=bugtraq&m=108006309112075&w=2	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/15596	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=108006309112075&w=2	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/6194	Trust: 0.6
url:	http://www.irannuke.com/	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=108006309112075&w=2	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.exploit-db.com/exploits/23835/	Trust: 0.1

sources: VULHUB: VHN-10271 // VULMON: CVE-2004-1842 // BID: 9895 // CNNVD: CNNVD-200412-738 // NVD: CVE-2004-1842

CREDITS

Janek Vind※ come2waraxe@yahoo.com

Trust: 0.6

sources: CNNVD: CNNVD-200412-738

SOURCES

db:	VULHUB	id:	VHN-10271
db:	VULMON	id:	CVE-2004-1842
db:	BID	id:	9895
db:	CNNVD	id:	CNNVD-200412-738
db:	NVD	id:	CVE-2004-1842

LAST UPDATE DATE

2024-08-14T14:29:25.350000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-10271	date:	2017-07-11T00:00:00
db:	VULMON	id:	CVE-2004-1842	date:	2017-07-11T00:00:00
db:	BID	id:	9895	date:	2004-03-16T00:00:00
db:	CNNVD	id:	CNNVD-200412-738	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-1842	date:	2024-02-08T20:46:14.233

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-10271	date:	2004-12-31T00:00:00
db:	VULMON	id:	CVE-2004-1842	date:	2004-12-31T00:00:00
db:	BID	id:	9895	date:	2004-03-16T00:00:00
db:	CNNVD	id:	CNNVD-200412-738	date:	2004-03-16T00:00:00
db:	NVD	id:	CVE-2004-1842	date:	2004-12-31T05:00:00