Details of VAR-200602-0432

ID

VAR-200602-0432

CVE

CVE-2006-0907

TITLE

PHP-Nuke SQL Injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200602-406

DESCRIPTION

SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows remote attackers to execute arbitrary SQL commands via encoded /%2a (/*) sequences in the query string, which bypasses regular expressions that are intended to protect against SQL injection, as demonstrated via the kala parameter. A SQL injection vulnerability exists in PHP-Nuke versions prior to 7.8 Patched 3.2

Trust: 0.99

sources: NVD: CVE-2006-0907 // VULHUB: VHN-17015

AFFECTED PRODUCTS

vendor:

francisco burzi

model:

php-nuke

scope:

version:

7.8

Trust: 1.6

sources: CNNVD: CNNVD-200602-406 // NVD: CVE-2006-0907

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-0907
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200602-406
value:	HIGH
Trust: 0.6
VULHUB:	VHN-17015
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2006-0907
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-17015
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-17015 // CNNVD: CNNVD-200602-406 // NVD: CVE-2006-0907

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-0907

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200602-406

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-200602-406

EXTERNAL IDS

db:	NVD	id:	CVE-2006-0907	Trust: 1.7
db:	CNNVD	id:	CNNVD-200602-406	Trust: 0.7
db:	BUGTRAQ	id:	20060225 [WARAXE-2006-SA#047] - EVADING SQL-INJECTION FILTERS IN PHPNUKE 7.8	Trust: 0.6
db:	BID	id:	84046	Trust: 0.1
db:	VULHUB	id:	VHN-17015	Trust: 0.1

sources: VULHUB: VHN-17015 // CNNVD: CNNVD-200602-406 // NVD: CVE-2006-0907

REFERENCES

url:	http://www.waraxe.us/advisory-47.html	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/426083/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/archive/1/426083/100/0/threaded	Trust: 0.6

sources: VULHUB: VHN-17015 // CNNVD: CNNVD-200602-406 // NVD: CVE-2006-0907

SOURCES

db:	VULHUB	id:	VHN-17015
db:	CNNVD	id:	CNNVD-200602-406
db:	NVD	id:	CVE-2006-0907

LAST UPDATE DATE

2024-08-14T12:51:20.056000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-17015	date:	2018-10-18T00:00:00
db:	CNNVD	id:	CNNVD-200602-406	date:	2006-02-28T00:00:00
db:	NVD	id:	CVE-2006-0907	date:	2018-10-18T16:29:41.477

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-17015	date:	2006-02-28T00:00:00
db:	CNNVD	id:	CNNVD-200602-406	date:	2006-02-27T00:00:00
db:	NVD	id:	CVE-2006-0907	date:	2006-02-28T02:02:00