Sign-up

ID

VAR-200601-0258


CVE

CVE-2006-0163


TITLE

PHPNuke EV Search Module SQL Injection Vulnerability

Trust: 0.9

sources: BID: 16186 // CNNVD: CNNVD-200601-108

DESCRIPTION

SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by the search field. NOTE: This is a different vulnerability than CVE-2005-3792. PHPNuke EV is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. PHPNuke EV version 7.7 is vulnerable; earlier versions may also be affected. For more information: SA17543 The vulnerability has been confirmed in version 7.7-R1. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Originally reported in PHP-Nuke by sp3x. Reported in PHPNuke EV by Lostmon. ORIGINAL ADVISORY: http://lostmon.blogspot.com/2006/01/phpnuke-ev-77-search-module-query.html OTHER REFERENCES: SA17543: http://secunia.com/advisories/17543/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.35

sources: NVD: CVE-2006-0163 // BID: 16186 // VULHUB: VHN-16271 // PACKETSTORM: 42959

AFFECTED PRODUCTS

vendor:francisco burzimodel:php-nuke evscope:eqversion:7.7_r1

Trust: 1.6

vendor:php nukemodel:php-nukescope:eqversion:7.7

Trust: 0.3

vendor:fireflymodel:studios strongholdscope:eqversion:27.7

Trust: 0.3

sources: BID: 16186 // CNNVD: CNNVD-200601-108 // NVD: CVE-2006-0163

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-0163
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200601-108
value: HIGH

Trust: 0.6

VULHUB: VHN-16271
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2006-0163
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-16271
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-16271 // CNNVD: CNNVD-200601-108 // NVD: CVE-2006-0163

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-0163

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200601-108

TYPE

sql injection

Trust: 0.7

sources: PACKETSTORM: 42959 // CNNVD: CNNVD-200601-108

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-16271

EXTERNAL IDS
db:BIDid:16186
Trust: 2.0
db:NVDid:CVE-2006-0163
Trust: 2.0
db:SECUNIAid:18394
Trust: 1.8
db:OSVDBid:22316
Trust: 1.7
db:VUPENid:ADV-2006-0120
Trust: 1.7
db:CNNVDid:CNNVD-200601-108
Trust: 0.7
db:XFid:44978
Trust: 0.6
db:EXPLOIT-DBid:27058
Trust: 0.1
db:SEEBUGid:SSVID-80678
Trust: 0.1
db:VULHUBid:VHN-16271
Trust: 0.1
db:PACKETSTORMid:42959
Trust: 0.1
sources:
            
            
            VULHUB: VHN-16271 // 
            
            
            
            BID: 16186 // 
            
            
            
            PACKETSTORM: 42959 // 
            
            
            
            CNNVD: CNNVD-200601-108 // 
            
            
            
            NVD: CVE-2006-0163

REFERENCES
url:http://lostmon.blogspot.com/2006/01/phpnuke-ev-77-search-module-query.html
Trust: 2.1
url:http://www.securityfocus.com/bid/16186
Trust: 1.7
url:http://www.osvdb.org/22316
Trust: 1.7
url:http://secunia.com/advisories/18394
Trust: 1.7
url:http://www.vupen.com/english/advisories/2006/0120
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/44978
Trust: 1.1
url:http://xforce.iss.net/xforce/xfdb/44978
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2006/0120
Trust: 0.6
url:http://nukevolution.com/
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/18394/
Trust: 0.1
url:http://secunia.com/product/6767/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/17543/
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-16271 // 
            
            
            
            BID: 16186 // 
            
            
            
            PACKETSTORM: 42959 // 
            
            
            
            CNNVD: CNNVD-200601-108 // 
            
            
            
            NVD: CVE-2006-0163

CREDITS
lostmon is credited with the discovery of this vulnerability.
Trust: 0.9
sources:
            
            
            BID: 16186 // 
            
            
            
            CNNVD: CNNVD-200601-108

SOURCES
db:VULHUBid:VHN-16271
db:BIDid:16186
db:PACKETSTORMid:42959
db:CNNVDid:CNNVD-200601-108
db:NVDid:CVE-2006-0163

LAST UPDATE DATE
2024-08-14T14:48:00.970000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-16271date:2017-07-20T00:00:00
db:BIDid:16186date:2007-02-14T23:47:00
db:CNNVDid:CNNVD-200601-108date:2006-09-23T00:00:00
db:NVDid:CVE-2006-0163date:2017-07-20T01:29:30.737

SOURCES RELEASE DATE
db:VULHUBid:VHN-16271date:2006-01-11T00:00:00
db:BIDid:16186date:2006-01-09T00:00:00
db:PACKETSTORMid:42959date:2006-01-11T05:48:09
db:CNNVDid:CNNVD-200601-108date:2006-01-11T00:00:00
db:NVDid:CVE-2006-0163date:2006-01-11T21:03:00