ID

VAR-200701-0092


CVE

CVE-2007-0372


TITLE

SQL injection vulnerability in Francisco Burzi PHP-Nuke

Trust: 0.8

sources: JVNDB: JVNDB-2007-001411

DESCRIPTION

Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 allow remote attackers to execute arbitrary SQL commands via (1) the active parameter in admin/modules/modules.php; the (2) ad_class, (3) imageurl, (4) clickurl, (5) ad_code, or (6) position parameter in modules/Advertising/admin/index.php; or unspecified vectors in the (7) advertising, (8) weblinks, or (9) reviews section.

An SQL injection vulnerability exists in Francisco Burzi PHP-Nuke. Any third party may execute SQL commands via the following parameters: (1) the active parameter in admin/modules/modules.php; (2) the pad_class parameter in modules/Advertising/admin/index.php; (3) the pimageurl parameter in modules/Advertising/admin/index.php; (4) the pclickurl parameter in modules/Advertising/admin/index.php; (5) the pad_code parameter in modules/Advertising/admin/index.php; (6) the position parameter in modules/Advertising/admin/index.php.

PHP-Nuke is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation. PHP-Nuke 7.9 is vulnerable to these issues; other versions may also be affected.

Trust: 2.25

sources: NVD: CVE-2007-0372 // JVNDB: JVNDB-2007-001411 // BID: 22116 // BID: 23555 // VULHUB: VHN-23734

AFFECTED PRODUCTS

vendor: francisco burzi, model: php-nuke, scope: eq, version: 7.9

Trust: 2.4

vendor: php nuke, model: php-nuke, scope: eq, version: 7.9

Trust: 0.3

vendor: nuclearbb, model: alpha, scope: eq, version: 1

Trust: 0.3

sources: BID: 22116 // BID: 23555 // JVNDB: JVNDB-2007-001411 // CNNVD: CNNVD-200701-321 // NVD: CVE-2007-0372

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-0372
value: HIGH

Trust: 1.0

NVD: CVE-2007-0372
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200701-321
value: HIGH

Trust: 0.6

VULHUB: VHN-23734
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-0372
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-23734
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-23734 // JVNDB: JVNDB-2007-001411 // CNNVD: CNNVD-200701-321 // NVD: CVE-2007-0372

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-0372

THREAT TYPE

network

Trust: 0.6

sources: BID: 22116 // BID: 23555

TYPE

Input Validation Error

Trust: 0.6

sources: BID: 22116 // BID: 23555

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001411

PATCH

title: Top Page, url: http://phpnuke.org/

Trust: 0.8

sources: JVNDB: JVNDB-2007-001411

EXTERNAL IDS

db: NVD, id: CVE-2007-0372

Trust: 2.8

db: BID, id: 22116

Trust: 2.0

db: OSVDB, id: 33701

Trust: 1.7

db: OSVDB, id: 33702

Trust: 1.7

db: OSVDB, id: 33699

Trust: 1.7

db: OSVDB, id: 33698

Trust: 1.7

db: OSVDB, id: 33700

Trust: 1.7

db: JVNDB, id: JVNDB-2007-001411

Trust: 0.8

db: CNNVD, id: CNNVD-200701-321

Trust: 0.7

db: FULLDISC, id: 20070118 THE VULNERABILITIES FESTIVAL !

Trust: 0.6

db: BUGTRAQ, id: 20070204 SQL INJECTION BUGS IN PHP-NUKE

Trust: 0.6

db: BID, id: 23555

Trust: 0.4

db: VULHUB, id: VHN-23734

Trust: 0.1

sources: VULHUB: VHN-23734 // BID: 22116 // BID: 23555 // JVNDB: JVNDB-2007-001411 // CNNVD: CNNVD-200701-321 // NVD: CVE-2007-0372

REFERENCES

url:http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html

Trust: 2.0

url:http://www.securityfocus.com/bid/22116

Trust: 1.7

url:http://www.hackers.ir/advisories/festival.txt

Trust: 1.7

url:http://osvdb.org/33698

Trust: 1.7

url:http://osvdb.org/33699

Trust: 1.7

url:http://osvdb.org/33700

Trust: 1.7

url:http://osvdb.org/33701

Trust: 1.7

url:http://osvdb.org/33702

Trust: 1.7

url:http://www.securityfocus.com/archive/1/459174/100/0/threaded

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0372

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0372

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/459174/100/0/threaded

Trust: 0.6

url:http://www.phpnuke.org

Trust: 0.3

url:http://www.nuclearbb.com/

Trust: 0.3

url:/archive/1/466211

Trust: 0.3

sources: VULHUB: VHN-23734 // BID: 22116 // BID: 23555 // JVNDB: JVNDB-2007-001411 // CNNVD: CNNVD-200701-321 // NVD: CVE-2007-0372

CREDITS

John Martinelli is credited with the discovery of this vulnerability.

Trust: 0.9

sources: BID: 23555 // CNNVD: CNNVD-200701-321

SOURCES

db: VULHUB, id: VHN-23734
db: BID, id: 22116
db: BID, id: 23555
db: JVNDB, id: JVNDB-2007-001411
db: CNNVD, id: CNNVD-200701-321
db: NVD, id: CVE-2007-0372

LAST UPDATE DATE

2024-11-23T21:49:20.231000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-23734, date: 2018-10-16T00:00:00
db: BID, id: 22116, date: 2007-01-19T03:29:00
db: BID, id: 23555, date: 2007-04-19T16:31:00
db: JVNDB, id: JVNDB-2007-001411, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200701-321, date: 2007-01-22T00:00:00
db: NVD, id: CVE-2007-0372, date: 2024-11-21T00:25:41.923

SOURCES RELEASE DATE

db: VULHUB, id: VHN-23734, date: 2007-01-19T00:00:00
db: BID, id: 22116, date: 2007-01-18T00:00:00
db: BID, id: 23555, date: 2007-04-18T00:00:00
db: JVNDB, id: JVNDB-2007-001411, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200701-321, date: 2007-01-19T00:00:00
db: NVD, id: CVE-2007-0372, date: 2007-01-19T23:28:00