Details of VAR-200702-0462

ID

VAR-200702-0462

CVE

CVE-2007-1061

TITLE

Francisco Burzi PHP-Nuke of index.php In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2007-001596

DESCRIPTION

SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" block is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header (HTTP_REFERER variable). PHP-Nuke is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. PHP-Nuke 8.0 Final and prior versions are vulnerable. PHP-Nuke is a popular website creation and management tool, it can use many database software as backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. Try it out online: http://secunia.com/software_inspector/ ---------------------------------------------------------------------- TITLE: PHP-Nuke HTTP "referer" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA24224 VERIFY ADVISORY: http://secunia.com/advisories/24224/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: >From remote SOFTWARE: PHP-Nuke 8.x http://secunia.com/product/13524/ PHP-Nuke 7.x http://secunia.com/product/2385/ PHP-Nuke 6.x http://secunia.com/product/329/ PHP-Nuke 5.x http://secunia.com/product/689/ DESCRIPTION: Maciej "krasza" Kukla has discovered a vulnerability in PHP-Nuke, which can be exploited by malicious people to conduct SQL injection attacks. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 7.9 and reported in version 8.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Maciej "krasza" Kukla ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-1061 // JVNDB: JVNDB-2007-001596 // BID: 22638 // VULHUB: VHN-24423 // PACKETSTORM: 54544

AFFECTED PRODUCTS

vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	8.0_final	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	8.0 final	Trust: 0.8
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	8.0_final	Trust: 0.6
vendor:	php nuke	model:	php-nuke	scope:	eq	version:	8.0	Trust: 0.3
vendor:	php nuke	model:	php-nuke	scope:	eq	version:	7.9	Trust: 0.3
vendor:	php nuke	model:	php-nuke	scope:	eq	version:	7.8	Trust: 0.3
vendor:	php nuke	model:	php-nuke	scope:	eq	version:	7.7	Trust: 0.3
vendor:	php nuke	model:	php-nuke	scope:	eq	version:	7.6	Trust: 0.3
vendor:	php nuke	model:	php-nuke	scope:	eq	version:	7.5	Trust: 0.3
vendor:	php nuke	model:	php-nuke	scope:	eq	version:	7.4	Trust: 0.3
vendor:	php nuke	model:	php-nuke	scope:	eq	version:	7.3	Trust: 0.3
vendor:	php nuke	model:	php-nuke	scope:	eq	version:	7.2	Trust: 0.3
vendor:	php nuke	model:	php-nuke	scope:	eq	version:	7.1	Trust: 0.3
vendor:	php nuke	model:	php-nuke	scope:	eq	version:	7.0	Trust: 0.3
vendor:	php nuke	model:	php-nuke final	scope:	eq	version:	8.0.0	Trust: 0.3

sources: BID: 22638 // JVNDB: JVNDB-2007-001596 // CNNVD: CNNVD-200702-405 // NVD: CVE-2007-1061

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-1061
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2007-1061
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200702-405
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-24423
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2007-1061
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-24423
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-24423 // JVNDB: JVNDB-2007-001596 // CNNVD: CNNVD-200702-405 // NVD: CVE-2007-1061

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-1061

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200702-405

TYPE

sql injection

Trust: 0.7

sources: PACKETSTORM: 54544 // CNNVD: CNNVD-200702-405

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001596

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-24423

PATCH

title:

Top Page

url:

http://phpnuke.org/

Trust: 0.8

sources: JVNDB: JVNDB-2007-001596

EXTERNAL IDS

db:	NVD	id:	CVE-2007-1061	Trust: 2.8
db:	BID	id:	22638	Trust: 2.0
db:	SECUNIA	id:	24224	Trust: 1.8
db:	EXPLOIT-DB	id:	3346	Trust: 1.7
db:	OSVDB	id:	33316	Trust: 1.7
db:	VUPEN	id:	ADV-2007-0673	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-001596	Trust: 0.8
db:	CNNVD	id:	CNNVD-200702-405	Trust: 0.7
db:	MILW0RM	id:	3346	Trust: 0.6
db:	FULLDISC	id:	20070220 BLIND SQL INJECTION ATTACK IN INSERT SYNTAX ON PHP-NUKE <=8.0 FINAL	Trust: 0.6
db:	XF	id:	32607	Trust: 0.6
db:	BUGTRAQ	id:	20070224 BLIND SQL INJECTION ATTACK IN INSERT SYNTAX ON PHP-NUKE <=8.0 FINAL	Trust: 0.6
db:	EXPLOIT-DB	id:	3344	Trust: 0.1
db:	EXPLOIT-DB	id:	3345	Trust: 0.1
db:	SEEBUG	id:	SSVID-64497	Trust: 0.1
db:	VULHUB	id:	VHN-24423	Trust: 0.1
db:	PACKETSTORM	id:	54544	Trust: 0.1

sources: VULHUB: VHN-24423 // BID: 22638 // JVNDB: JVNDB-2007-001596 // PACKETSTORM: 54544 // CNNVD: CNNVD-200702-405 // NVD: CVE-2007-1061

REFERENCES

url:	http://www.securityfocus.com/bid/22638	Trust: 1.7
url:	http://lists.grok.org.uk/pipermail/full-disclosure/2007-february/052570.html	Trust: 1.7
url:	http://osvdb.org/33316	Trust: 1.7
url:	http://secunia.com/advisories/24224	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/461148/100/0/threaded	Trust: 1.1
url:	https://www.exploit-db.com/exploits/3346	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2007/0673	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/32607	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1061	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1061	Trust: 0.8
url:	http://www.milw0rm.com/exploits/3346	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2007/0673	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/32607	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/461148/100/0/threaded	Trust: 0.6
url:	http://www.phpnuke.org	Trust: 0.3
url:	/archive/1/461148	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/24224/	Trust: 0.1
url:	http://secunia.com/product/329/	Trust: 0.1
url:	http://secunia.com/software_inspector/	Trust: 0.1
url:	http://secunia.com/product/13524/	Trust: 0.1
url:	http://secunia.com/product/2385/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/689/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-24423 // BID: 22638 // JVNDB: JVNDB-2007-001596 // PACKETSTORM: 54544 // CNNVD: CNNVD-200702-405 // NVD: CVE-2007-1061

CREDITS

krasza

Trust: 0.6

sources: CNNVD: CNNVD-200702-405

SOURCES

db:	VULHUB	id:	VHN-24423
db:	BID	id:	22638
db:	JVNDB	id:	JVNDB-2007-001596
db:	PACKETSTORM	id:	54544
db:	CNNVD	id:	CNNVD-200702-405
db:	NVD	id:	CVE-2007-1061

LAST UPDATE DATE

2024-11-23T22:04:00.790000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-24423	date:	2018-10-16T00:00:00
db:	BID	id:	22638	date:	2015-05-12T19:34:00
db:	JVNDB	id:	JVNDB-2007-001596	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200702-405	date:	2007-02-23T00:00:00
db:	NVD	id:	CVE-2007-1061	date:	2024-11-21T00:27:24.817

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-24423	date:	2007-02-22T00:00:00
db:	BID	id:	22638	date:	2007-02-20T00:00:00
db:	JVNDB	id:	JVNDB-2007-001596	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	54544	date:	2007-02-23T02:32:16
db:	CNNVD	id:	CNNVD-200702-405	date:	2007-02-21T00:00:00
db:	NVD	id:	CVE-2007-1061	date:	2007-02-22T00:28:00