ID

VAR-200505-1047


CVE

CVE-2005-0996


TITLE

PHP-Nuke Downloads SQL Injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200505-358

DESCRIPTION

Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the email or url parameters in the Add function, (2) the min parameter in the viewsdownload function, or (3) the min parameter in the search function. The PHP-Nuke Downloads module is reportedly affected by multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. These issues are reported to affect PHP-Nuke version 7.6; earlier versions may also be affected.

Trust: 1.26

sources: NVD: CVE-2005-0996 // BID: 13061 // VULHUB: VHN-12205

AFFECTED PRODUCTS

vendor: francisco burzi, model: php-nuke, scope: eq, version: 7.6

Trust: 1.6

vendor: francisco, model: burzi php-nuke, scope: eq, version: 7.6

Trust: 0.3

sources: BID: 13061 // CNNVD: CNNVD-200505-358 // NVD: CVE-2005-0996

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-0996
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200505-358
value: MEDIUM

Trust: 0.6

VULHUB: VHN-12205
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2005-0996
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-12205
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-12205 // CNNVD: CNNVD-200505-358 // NVD: CVE-2005-0996

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-0996

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200505-358

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-200505-358

EXTERNAL IDS

db: NVD, id: CVE-2005-0996

Trust: 2.0

db: CNNVD, id: CNNVD-200505-358

Trust: 0.7

db: BUGTRAQ, id: 20050403 [SECURITYREASON.COM] PHPNUKE 7.6 MULTIPLE VULNERABILITIES IN DOWNLOADS MODULE CXIB8O3.13

Trust: 0.6

db: BID, id: 13061

Trust: 0.4

db: VULHUB, id: VHN-12205

Trust: 0.1

sources: VULHUB: VHN-12205 // BID: 13061 // CNNVD: CNNVD-200505-358 // NVD: CVE-2005-0996

REFERENCES

url: http://marc.info/?l=bugtraq&m=111289685724764&w=2

Trust: 1.0

url: http://marc.theaimsgroup.com/?l=bugtraq&m=111289685724764&w=2

Trust: 0.6

url: /archive/1/395256

Trust: 0.3

url: http://marc.info/?l=bugtraq&m=111289685724764&w=2

Trust: 0.1

sources: VULHUB: VHN-12205 // BID: 13061 // CNNVD: CNNVD-200505-358 // NVD: CVE-2005-0996

CREDITS

Discovery of these vulnerabilities is credited to Maksymilian Arciemowicz <max@jestsuper.pl>.

Trust: 0.9

sources: BID: 13061 // CNNVD: CNNVD-200505-358

SOURCES

db: VULHUB, id: VHN-12205
db: BID, id: 13061
db: CNNVD, id: CNNVD-200505-358
db: NVD, id: CVE-2005-0996

LAST UPDATE DATE

2024-08-14T15:45:42.271000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-12205, date: 2016-10-18T00:00:00
db: BID, id: 13061, date: 2009-07-12T12:56:00
db: CNNVD, id: CNNVD-200505-358, date: 2005-10-20T00:00:00
db: NVD, id: CVE-2005-0996, date: 2016-10-18T03:16:19.207

SOURCES RELEASE DATE

db: VULHUB, id: VHN-12205, date: 2005-05-02T00:00:00
db: BID, id: 13061, date: 2005-04-07T00:00:00
db: CNNVD, id: CNNVD-200505-358, date: 2005-05-02T00:00:00
db: NVD, id: CVE-2005-0996, date: 2005-05-02T04:00:00