Details of VAR-200612-0745

ID

VAR-200612-0745

CVE

CVE-2006-6234

TITLE

PHP-Nuke of Content In module SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2006-001670

DESCRIPTION

Multiple SQL injection vulnerabilities in the Content module in PHP-Nuke 6.0, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in a list_pages_categories action or (2) the pid parameter in a showpage action. (1) list_pages_categories In action cid Parameters (2) showpage action In action pid Parameters. PHP-Nuke is prone to an sql-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. PHP-Nuke is prone to a sql-injection vulnerability. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database

Trust: 2.25

sources: NVD: CVE-2006-6234 // JVNDB: JVNDB-2006-001670 // BID: 77912 // BID: 87224 // VULHUB: VHN-22342

AFFECTED PRODUCTS

vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.0	Trust: 2.4
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.0	Trust: 0.6

sources: BID: 77912 // BID: 87224 // JVNDB: JVNDB-2006-001670 // CNNVD: CNNVD-200612-014 // NVD: CVE-2006-6234

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-6234
value:	HIGH
Trust: 1.0
NVD:	CVE-2006-6234
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200612-014
value:	HIGH
Trust: 0.6
VULHUB:	VHN-22342
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2006-6234
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-22342
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-22342 // JVNDB: JVNDB-2006-001670 // CNNVD: CNNVD-200612-014 // NVD: CVE-2006-6234

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-6234

THREAT TYPE

network

Trust: 0.6

sources: BID: 77912 // BID: 87224

TYPE

Input Validation Error

Trust: 0.6

sources: BID: 77912 // BID: 87224

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-001670

PATCH

title:

Top Page

url:

http://phpnuke.org/

Trust: 0.8

sources: JVNDB: JVNDB-2006-001670

EXTERNAL IDS

db:	NVD	id:	CVE-2006-6234	Trust: 3.1
db:	SREASON	id:	1953	Trust: 2.0
db:	JVNDB	id:	JVNDB-2006-001670	Trust: 0.8
db:	XF	id:	27501	Trust: 0.6
db:	BUGTRAQ	id:	20060617 MODULE'S NAME CONTENT<	Trust: 0.6
db:	VIM	id:	20061201 OLD PHP-NUKE/POSTNUKE SQL INJECTION ISSUES - CLARIFICATION	Trust: 0.6
db:	CNNVD	id:	CNNVD-200612-014	Trust: 0.6
db:	BID	id:	87224	Trust: 0.4
db:	BID	id:	77912	Trust: 0.4
db:	VULHUB	id:	VHN-22342	Trust: 0.1

sources: VULHUB: VHN-22342 // BID: 77912 // BID: 87224 // JVNDB: JVNDB-2006-001670 // CNNVD: CNNVD-200612-014 // NVD: CVE-2006-6234

REFERENCES

url:	http://www.attrition.org/pipermail/vim/2006-december/001157.html	Trust: 2.3
url:	http://securityreason.com/securityalert/1953	Trust: 2.0
url:	http://www.securityfocus.com/archive/1/archive/1/437835/100/200/threaded	Trust: 1.2
url:	http://www.securityfocus.com/archive/1/437835/100/200/threaded	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/27501	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6234	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6234	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/27501	Trust: 0.6

sources: VULHUB: VHN-22342 // BID: 77912 // BID: 87224 // JVNDB: JVNDB-2006-001670 // CNNVD: CNNVD-200612-014 // NVD: CVE-2006-6234

CREDITS

Unknown

Trust: 0.6

sources: BID: 77912 // BID: 87224

SOURCES

db:	VULHUB	id:	VHN-22342
db:	BID	id:	77912
db:	BID	id:	87224
db:	JVNDB	id:	JVNDB-2006-001670
db:	CNNVD	id:	CNNVD-200612-014
db:	NVD	id:	CVE-2006-6234

LAST UPDATE DATE

2024-08-14T13:39:41.079000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-22342	date:	2018-10-17T00:00:00
db:	BID	id:	77912	date:	2006-12-02T00:00:00
db:	BID	id:	87224	date:	2006-12-02T00:00:00
db:	JVNDB	id:	JVNDB-2006-001670	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200612-014	date:	2007-08-07T00:00:00
db:	NVD	id:	CVE-2006-6234	date:	2018-10-17T21:47:20.297

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-22342	date:	2006-12-02T00:00:00
db:	BID	id:	77912	date:	2006-12-02T00:00:00
db:	BID	id:	87224	date:	2006-12-02T00:00:00
db:	JVNDB	id:	JVNDB-2006-001670	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200612-014	date:	2006-12-02T00:00:00
db:	NVD	id:	CVE-2006-6234	date:	2006-12-02T11:28:00