ID

VAR-200505-1048


CVE

CVE-2005-0997


TITLE

PHP-Nuke Web_Links Multiple SQL Injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200505-231

DESCRIPTION

Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the email or url parameters in the Add function, (2) the url parameter in the modifylinkrequestS function, (3) the orderby or min parameters in the viewlink function, (4) the orderby, min, or show parameters in the search function, or (5) the ratenum parameter in the MostPopular function. The Web_Links module of PHP-Nuke is affected by multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. These issues are reported to affect PHP-Nuke version 7.6; earlier versions may also be affected.

Trust: 1.26

sources: NVD: CVE-2005-0997 // BID: 13055 // VULHUB: VHN-12206

AFFECTED PRODUCTS

vendor: francisco burzi, model: php-nuke, scope: eq, version: 7.6

Trust: 1.6

vendor: francisco, model: burzi php-nuke, scope: eq, version: 7.6

Trust: 0.3

sources: BID: 13055 // CNNVD: CNNVD-200505-231 // NVD: CVE-2005-0997

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-0997
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200505-231
value: HIGH

Trust: 0.6

VULHUB: VHN-12206
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2005-0997
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-12206
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-12206 // CNNVD: CNNVD-200505-231 // NVD: CVE-2005-0997

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-0997

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200505-231

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-200505-231

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-12206

EXTERNAL IDS

db: NVD, id: CVE-2005-0997

Trust: 2.0

db: CNNVD, id: CNNVD-200505-231

Trust: 0.7

db: BUGTRAQ, id: 20050403 [SECURITYREASON.COM] PHPNUKE 7.6 MULTIPLE VULNERABILITIES IN WEB_LINKS MODULE CXIB8O3.14

Trust: 0.6

db: BID, id: 13055

Trust: 0.4

db: SEEBUG, id: SSVID-79023

Trust: 0.1

db: EXPLOIT-DB, id: 25360

Trust: 0.1

db: VULHUB, id: VHN-12206

Trust: 0.1

sources: VULHUB: VHN-12206 // BID: 13055 // CNNVD: CNNVD-200505-231 // NVD: CVE-2005-0997

REFERENCES

url:http://marc.info/?l=bugtraq&m=111289685724764&w=2

Trust: 1.0

url:http://marc.theaimsgroup.com/?l=bugtraq&m=111289685724764&w=2

Trust: 0.6

url:/archive/1/395272

Trust: 0.3

url:http://marc.info/?l=bugtraq&m=111289685724764&w=2

Trust: 0.1

sources: VULHUB: VHN-12206 // BID: 13055 // CNNVD: CNNVD-200505-231 // NVD: CVE-2005-0997

CREDITS

Discovery of these vulnerabilities is credited to Maksymilian Arciemowicz <max@jestsuper.pl>.

Trust: 0.9

sources: BID: 13055 // CNNVD: CNNVD-200505-231

SOURCES

db: VULHUB, id: VHN-12206
db: BID, id: 13055
db: CNNVD, id: CNNVD-200505-231
db: NVD, id: CVE-2005-0997

LAST UPDATE DATE

2024-08-14T14:42:14.584000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-12206, date: 2016-10-18T00:00:00
db: BID, id: 13055, date: 2009-07-12T12:56:00
db: CNNVD, id: CNNVD-200505-231, date: 2005-10-20T00:00:00
db: NVD, id: CVE-2005-0997, date: 2016-10-18T03:16:20.597

SOURCES RELEASE DATE

db: VULHUB, id: VHN-12206, date: 2005-05-02T00:00:00
db: BID, id: 13055, date: 2005-04-07T00:00:00
db: CNNVD, id: CNNVD-200505-231, date: 2005-05-02T00:00:00
db: NVD, id: CVE-2005-0997, date: 2005-05-02T04:00:00