ID

VAR-200601-0258


CVE

CVE-2006-0163


TITLE

PHPNuke EV Search Module SQL Injection Vulnerability

Trust: 0.9

sources: BID: 16186 // CNNVD: CNNVD-200601-108

DESCRIPTION

SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by the search field. NOTE: This is a different vulnerability than CVE-2005-3792. PHPNuke EV is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. PHPNuke EV version 7.7 is vulnerable; earlier versions may also be affected. For more information: SA17543 The vulnerability has been confirmed in version 7.7-R1. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Originally reported in PHP-Nuke by sp3x. Reported in PHPNuke EV by Lostmon. ORIGINAL ADVISORY: http://lostmon.blogspot.com/2006/01/phpnuke-ev-77-search-module-query.html OTHER REFERENCES: SA17543: http://secunia.com/advisories/17543/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.35

sources: NVD: CVE-2006-0163 // BID: 16186 // VULHUB: VHN-16271 // PACKETSTORM: 42959

AFFECTED PRODUCTS

vendor:francisco burzimodel:php-nuke evscope:eqversion:7.7_r1

Trust: 1.6

vendor:php nukemodel:php-nukescope:eqversion:7.7

Trust: 0.3

vendor:fireflymodel:studios strongholdscope:eqversion:27.7

Trust: 0.3

sources: BID: 16186 // CNNVD: CNNVD-200601-108 // NVD: CVE-2006-0163

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-0163
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200601-108
value: HIGH

Trust: 0.6

VULHUB: VHN-16271
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2006-0163
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-16271
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-16271 // CNNVD: CNNVD-200601-108 // NVD: CVE-2006-0163

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-0163

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200601-108

TYPE

sql injection

Trust: 0.7

sources: PACKETSTORM: 42959 // CNNVD: CNNVD-200601-108

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-16271

EXTERNAL IDS

db:BIDid:16186

Trust: 2.0

db:NVDid:CVE-2006-0163

Trust: 2.0

db:SECUNIAid:18394

Trust: 1.8

db:OSVDBid:22316

Trust: 1.7

db:VUPENid:ADV-2006-0120

Trust: 1.7

db:CNNVDid:CNNVD-200601-108

Trust: 0.7

db:XFid:44978

Trust: 0.6

db:EXPLOIT-DBid:27058

Trust: 0.1

db:SEEBUGid:SSVID-80678

Trust: 0.1

db:VULHUBid:VHN-16271

Trust: 0.1

db:PACKETSTORMid:42959

Trust: 0.1

sources: VULHUB: VHN-16271 // BID: 16186 // PACKETSTORM: 42959 // CNNVD: CNNVD-200601-108 // NVD: CVE-2006-0163

REFERENCES

url:http://lostmon.blogspot.com/2006/01/phpnuke-ev-77-search-module-query.html

Trust: 2.1

url:http://www.securityfocus.com/bid/16186

Trust: 1.7

url:http://www.osvdb.org/22316

Trust: 1.7

url:http://secunia.com/advisories/18394

Trust: 1.7

url:http://www.vupen.com/english/advisories/2006/0120

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/44978

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/44978

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2006/0120

Trust: 0.6

url:http://nukevolution.com/

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/18394/

Trust: 0.1

url:http://secunia.com/product/6767/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/17543/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-16271 // BID: 16186 // PACKETSTORM: 42959 // CNNVD: CNNVD-200601-108 // NVD: CVE-2006-0163

CREDITS

lostmon is credited with the discovery of this vulnerability.

Trust: 0.9

sources: BID: 16186 // CNNVD: CNNVD-200601-108

SOURCES

db:VULHUBid:VHN-16271
db:BIDid:16186
db:PACKETSTORMid:42959
db:CNNVDid:CNNVD-200601-108
db:NVDid:CVE-2006-0163

LAST UPDATE DATE

2024-11-23T23:03:34.001000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-16271date:2017-07-20T00:00:00
db:BIDid:16186date:2007-02-14T23:47:00
db:CNNVDid:CNNVD-200601-108date:2006-09-23T00:00:00
db:NVDid:CVE-2006-0163date:2024-11-21T00:05:48.670

SOURCES RELEASE DATE

db:VULHUBid:VHN-16271date:2006-01-11T00:00:00
db:BIDid:16186date:2006-01-09T00:00:00
db:PACKETSTORMid:42959date:2006-01-11T05:48:09
db:CNNVDid:CNNVD-200601-108date:2006-01-11T00:00:00
db:NVDid:CVE-2006-0163date:2006-01-11T21:03:00