ID

VAR-200701-0166


CVE

CVE-2007-0309


TITLE

SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke

Trust: 0.8

sources: JVNDB: JVNDB-2007-001393

DESCRIPTION

SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter.

PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation. PHP-Nuke 7.9 and prior versions are vulnerable; other versions may also be affected.

----------------------------------------------------------------------

TITLE: PHP-Nuke "cat" Old Articles Block SQL Injection

SECUNIA ADVISORY ID: SA23748

VERIFY ADVISORY: http://secunia.com/advisories/23748/

CRITICAL: Moderately critical

IMPACT: Manipulation of data, Exposure of sensitive information

WHERE: From remote

SOFTWARE: PHP-Nuke 7.x http://secunia.com/product/2385/

DESCRIPTION: Paisterist has discovered a vulnerability in PHP-Nuke, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "cat" parameter through index.php to blocks/block-Old_Articles.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation e.g. allows retrieval of administrator usernames and password hashes, but requires that "register_globals" is enabled, "magic_quotes_gpc" is disabled, and the attacker knows the prefix for the database tables. The vulnerability is confirmed in version 7.9.

SOLUTION: Edit the source code to ensure that input is properly sanitised. Use another product.

PROVIDED AND/OR DISCOVERED BY: Paisterist

ORIGINAL ADVISORY: http://www.neosecurityteam.net/advisories/PHP-Nuke-7.9-Old-Articles-Block-cat-SQL-Injection-vulnerability-31.html

Trust: 2.07

sources: NVD: CVE-2007-0309 // JVNDB: JVNDB-2007-001393 // BID: 22037 // VULHUB: VHN-23671 // PACKETSTORM: 53739

AFFECTED PRODUCTS

vendor: francisco burzi, model: php-nuke, scope: lte, version: 7.9

Trust: 1.8

vendor: francisco burzi, model: php-nuke, scope: eq, version: 7.9

Trust: 0.6

vendor: php nuke, model: php-nuke, scope: eq, version: 7.9

Trust: 0.3

vendor: php nuke, model: php-nuke, scope: eq, version: 7.8

Trust: 0.3

vendor: php nuke, model: php-nuke, scope: eq, version: 7.7

Trust: 0.3

vendor: php nuke, model: php-nuke, scope: eq, version: 7.6

Trust: 0.3

vendor: php nuke, model: php-nuke, scope: eq, version: 7.5

Trust: 0.3

vendor: php nuke, model: php-nuke, scope: eq, version: 7.4

Trust: 0.3

vendor: php nuke, model: php-nuke, scope: eq, version: 7.3

Trust: 0.3

vendor: php nuke, model: php-nuke, scope: eq, version: 7.2

Trust: 0.3

vendor: php nuke, model: php-nuke, scope: eq, version: 7.1

Trust: 0.3

vendor: php nuke, model: php-nuke, scope: eq, version: 7.0

Trust: 0.3

sources: BID: 22037 // JVNDB: JVNDB-2007-001393 // CNNVD: CNNVD-200701-250 // NVD: CVE-2007-0309

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-0309
value: HIGH

Trust: 1.0

NVD: CVE-2007-0309
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200701-250
value: HIGH

Trust: 0.6

VULHUB: VHN-23671
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-0309
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-23671
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-23671 // JVNDB: JVNDB-2007-001393 // CNNVD: CNNVD-200701-250 // NVD: CVE-2007-0309

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-0309

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200701-250

TYPE

sql injection

Trust: 0.7

sources: PACKETSTORM: 53739 // CNNVD: CNNVD-200701-250

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001393

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-23671

PATCH

title: Top Page, url: http://phpnuke.org/

Trust: 0.8

sources: JVNDB: JVNDB-2007-001393

EXTERNAL IDS

db: NVD, id: CVE-2007-0309

Trust: 2.5

db: BID, id: 22037

Trust: 2.0

db: SECUNIA, id: 23748

Trust: 1.8

db: SREASON, id: 2153

Trust: 1.7

db: SECTRACK, id: 1017511

Trust: 1.7

db: OSVDB, id: 32863

Trust: 1.7

db: JVNDB, id: JVNDB-2007-001393

Trust: 0.8

db: CNNVD, id: CNNVD-200701-250

Trust: 0.7

db: XF, id: 31482

Trust: 0.6

db: BUGTRAQ, id: 20070113 PHP-NUKE <= 7.9 OLD-ARTICLES BLOCK "CAT" SQL INJECTION VULNERABILITY

Trust: 0.6

db: SEEBUG, id: SSVID-82959

Trust: 0.1

db: EXPLOIT-DB, id: 29453

Trust: 0.1

db: VULHUB, id: VHN-23671

Trust: 0.1

db: PACKETSTORM, id: 53739

Trust: 0.1

sources: VULHUB: VHN-23671 // BID: 22037 // JVNDB: JVNDB-2007-001393 // PACKETSTORM: 53739 // CNNVD: CNNVD-200701-250 // NVD: CVE-2007-0309

REFERENCES

url:http://www.securityfocus.com/bid/22037

Trust: 1.7

url:http://www.neosecurityteam.net/advisories/php-nuke--7.9-old-articles-block-cat-sql-injection-vulnerability-31.html

Trust: 1.7

url:http://osvdb.org/32863

Trust: 1.7

url:http://securitytracker.com/id?1017511

Trust: 1.7

url:http://secunia.com/advisories/23748

Trust: 1.7

url:http://securityreason.com/securityalert/2153

Trust: 1.7

url:http://www.securityfocus.com/archive/1/456787/100/0/threaded

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/31482

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0309

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0309

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/456787/100/0/threaded

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/31482

Trust: 0.6

url:http://www.phpnuke.org

Trust: 0.3

url:/archive/1/456787

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/software_inspector/

Trust: 0.1

url:http://secunia.com/product/2385/

Trust: 0.1

url:http://secunia.com/advisories/23748/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://www.neosecurityteam.net/advisories/php-nuke-7.9-old-articles-block-cat-sql-injection-vulnerability-31.html

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-23671 // BID: 22037 // JVNDB: JVNDB-2007-001393 // PACKETSTORM: 53739 // CNNVD: CNNVD-200701-250 // NVD: CVE-2007-0309

CREDITS

Paisterist is credited with the discovery of this vulnerability.

Trust: 0.9

sources: BID: 22037 // CNNVD: CNNVD-200701-250

SOURCES

db: VULHUB, id: VHN-23671
db: BID, id: 22037
db: JVNDB, id: JVNDB-2007-001393
db: PACKETSTORM, id: 53739
db: CNNVD, id: CNNVD-200701-250
db: NVD, id: CVE-2007-0309

LAST UPDATE DATE

2024-11-23T21:49:19.808000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-23671, date: 2018-10-16T00:00:00
db: BID, id: 22037, date: 2007-01-15T18:20:00
db: JVNDB, id: JVNDB-2007-001393, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200701-250, date: 2007-01-18T00:00:00
db: NVD, id: CVE-2007-0309, date: 2024-11-21T00:25:32.707

SOURCES RELEASE DATE

db: VULHUB, id: VHN-23671, date: 2007-01-18T00:00:00
db: BID, id: 22037, date: 2007-01-13T00:00:00
db: JVNDB, id: JVNDB-2007-001393, date: 2012-06-26T00:00:00
db: PACKETSTORM, id: 53739, date: 2007-01-18T08:44:32
db: CNNVD, id: CNNVD-200701-250, date: 2007-01-17T00:00:00
db: NVD, id: CVE-2007-0309, date: 2007-01-18T00:28:00