ID

VAR-200505-1050


CVE

CVE-2005-0999


TITLE

PHP-Nuke Top SQL Injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200505-229

DESCRIPTION

SQL injection vulnerability in the Top module for PHP-Nuke 6.x through 7.6 allows remote attackers to execute arbitrary SQL commands via the querylang parameter. PHP-Nuke is prone to an SQL injection vulnerability. This issue arises due to insufficient sanitization of user-supplied input. This issue may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information such as the administrator password hash or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.

Trust: 1.26

sources: NVD: CVE-2005-0999 // BID: 13047 // VULHUB: VHN-12208

AFFECTED PRODUCTS

vendor: francisco burzi, model: php-nuke, scope: eq, version: 7.4

Trust: 1.6

vendor: francisco burzi, model: php-nuke, scope: eq, version: 6.0

Trust: 1.6

vendor: francisco burzi, model: php-nuke, scope: eq, version: 7.3

Trust: 1.6

vendor: francisco burzi, model: php-nuke, scope: eq, version: 6.5_rc2

Trust: 1.6

vendor: francisco burzi, model: php-nuke, scope: eq, version: 6.5_rc1

Trust: 1.6

vendor: francisco burzi, model: php-nuke, scope: eq, version: 6.5

Trust: 1.6

vendor: francisco burzi, model: php-nuke, scope: eq, version: 6.5_beta1

Trust: 1.6

vendor: francisco burzi, model: php-nuke, scope: eq, version: 7.6

Trust: 1.6

vendor: francisco burzi, model: php-nuke, scope: eq, version: 7.5

Trust: 1.6

vendor: francisco burzi, model: php-nuke, scope: eq, version: 6.5_final

Trust: 1.6

vendor: francisco burzi, model: php-nuke, scope: eq, version: 6.5_rc3

Trust: 1.0

vendor: francisco burzi, model: php-nuke, scope: eq, version: 7.1

Trust: 1.0

vendor: francisco burzi, model: php-nuke, scope: eq, version: 7.2

Trust: 1.0

vendor: francisco burzi, model: php-nuke, scope: eq, version: 6.9

Trust: 1.0

vendor: francisco burzi, model: php-nuke, scope: eq, version: 6.7

Trust: 1.0

vendor: francisco burzi, model: php-nuke, scope: eq, version: 6.6

Trust: 1.0

vendor: francisco burzi, model: php-nuke, scope: eq, version: 7.0_final

Trust: 1.0

vendor: francisco burzi, model: php-nuke, scope: eq, version: 7.0

Trust: 1.0

vendor: francisco, model: burzi php-nuke rc3, scope: eq, version: 6.5

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 6.0

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 6.5

Trust: 0.3

vendor: francisco, model: burzi php-nuke final, scope: eq, version: 7.0

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 7.1

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 7.2

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 7.0

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 6.7

Trust: 0.3

vendor: francisco, model: burzi php-nuke beta, scope: eq, version: 6.51

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 7.6

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 7.3

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 6.9

Trust: 0.3

vendor: francisco, model: burzi php-nuke, scope: eq, version: 6.6

Trust: 0.3

vendor: francisco, model: burzi php-nuke rc2, scope: eq, version: 6.5

Trust: 0.3

vendor: francisco, model: burzi php-nuke rc1, scope: eq, version: 6.5

Trust: 0.3

vendor: francisco, model: burzi php-nuke final, scope: eq, version: 6.5

Trust: 0.3

sources: BID: 13047 // CNNVD: CNNVD-200505-229 // NVD: CVE-2005-0999

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-0999
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200505-229
value: HIGH

Trust: 0.6

VULHUB: VHN-12208
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2005-0999
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-12208
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-12208 // CNNVD: CNNVD-200505-229 // NVD: CVE-2005-0999

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-0999

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200505-229

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-200505-229

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-12208

EXTERNAL IDS

db: NVD, id: CVE-2005-0999

Trust: 2.0

db: CNNVD, id: CNNVD-200505-229

Trust: 0.7

db: BUGTRAQ, id: 20050406 [WARAXE-2005-SA#041] - CRITICAL SQL INJECTION IN PHPNUKE 6.X-7.6

Trust: 0.6

db: BID, id: 13047

Trust: 0.4

db: EXPLOIT-DB, id: 921

Trust: 0.1

db: VULHUB, id: VHN-12208

Trust: 0.1

sources: VULHUB: VHN-12208 // BID: 13047 // CNNVD: CNNVD-200505-229 // NVD: CVE-2005-0999

REFERENCES

url:http://www.waraxe.us/advisory-41.html

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=111281649616901&w=2

Trust: 1.0

url:http://marc.theaimsgroup.com/?l=bugtraq&m=111281649616901&w=2

Trust: 0.6

url:/archive/1/395132

Trust: 0.3

url:http://marc.info/?l=bugtraq&m=111281649616901&w=2

Trust: 0.1

sources: VULHUB: VHN-12208 // BID: 13047 // CNNVD: CNNVD-200505-229 // NVD: CVE-2005-0999

CREDITS

Discovery credited to Janek Vind <come2waraxe@yahoo.com>.

Trust: 0.9

sources: BID: 13047 // CNNVD: CNNVD-200505-229

SOURCES

db: VULHUB, id: VHN-12208
db: BID, id: 13047
db: CNNVD, id: CNNVD-200505-229
db: NVD, id: CVE-2005-0999

LAST UPDATE DATE

2024-08-14T13:40:06.444000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-12208, date: 2016-10-18T00:00:00
db: BID, id: 13047, date: 2009-07-12T12:56:00
db: CNNVD, id: CNNVD-200505-229, date: 2005-10-20T00:00:00
db: NVD, id: CVE-2005-0999, date: 2016-10-18T03:16:22.957

SOURCES RELEASE DATE

db: VULHUB, id: VHN-12208, date: 2005-05-02T00:00:00
db: BID, id: 13047, date: 2005-04-06T00:00:00
db: CNNVD, id: CNNVD-200505-229, date: 2005-05-02T00:00:00
db: NVD, id: CVE-2005-0999, date: 2005-05-02T04:00:00