
    84 vulnerabilities by francisco

    VAR-200411-0123

    Vulnerability from variot - Updated: 2024-05-28 18:32

    SQL injection vulnerability in the "public message" capability (public_message) for PHP-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter. An unspecified vulnerability exists in PHP-Nuke by Francisco Burzi. The issue is due to improper sanitization of user-defined parameters supplied to the module. As a result, an attacker could modify the logic and structure of database queries. Other attacks may also be possible, such as gaining access to sensitive information.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200411-0123",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "francisco burzi",
            "version": "6.6"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "francisco burzi",
            "version": "7.0"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "francisco burzi",
            "version": "6.9"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "francisco burzi",
            "version": "7.1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "francisco burzi",
            "version": "6.7"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "francisco burzi",
            "version": "6.0"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "francisco burzi",
            "version": "6.5"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_rc2"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_rc3"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_rc1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_final"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "7.0_final"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "6.5_beta1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "francisco burzi",
            "version": null
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "francisco burzi",
            "version": "6.5 rc1"
          },
          {
            "model": "php-nuke",
            "scope": null,
            "trust": 0.8,
            "vendor": "francisco burzi",
            "version": null
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "francisco burzi",
            "version": "6.5 beta1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "francisco burzi",
            "version": "7.0 final"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "francisco burzi",
            "version": "6.5 final"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "francisco burzi",
            "version": "6.5 rc3"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "francisco burzi",
            "version": "6.5 rc2"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.1"
          },
          {
            "model": "burzi php-nuke final",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.0"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.0"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.9"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.7"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.6"
          },
          {
            "model": "burzi php-nuke rc3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke final",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.51"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "9615"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000749"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200411-090"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-0266"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_beta1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_final:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.0_final:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2004-0266"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovery of this issue has been credited to Janek Vind \u003ccome2waraxe@yahoo.com\u003e.",
        "sources": [
          {
            "db": "BID",
            "id": "9615"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200411-090"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2004-0266",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2004-0266",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-8696",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2004-0266",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200411-090",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-8696",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-8696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000749"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200411-090"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-0266"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection vulnerability in the \"public message\" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter. francisco burzi of php-nuke Exists in unspecified vulnerabilities.None.  The issue is due to improper sanitization of user-defined parameters supplied to the module.  As a result, an attacker could modify the logic and structure of database queries. Other attacks may also be possible, such as gaining access to sensitive information",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2004-0266"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000749"
          },
          {
            "db": "BID",
            "id": "9615"
          },
          {
            "db": "VULHUB",
            "id": "VHN-8696"
          }
        ],
        "trust": 1.98
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-8696",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-8696"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2004-0266",
            "trust": 3.6
          },
          {
            "db": "BID",
            "id": "9615",
            "trust": 2.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000749",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200411-090",
            "trust": 0.7
          },
          {
            "db": "XF",
            "id": "15080",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20040208 [WARAXE-2004-SA#003] - SQL INJECTION IN PHP-NUKE 7.1.0",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-77420",
            "trust": 0.1
          },
          {
            "db": "EXPLOIT-DB",
            "id": "23670",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-8696",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-8696"
          },
          {
            "db": "BID",
            "id": "9615"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000749"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200411-090"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-0266"
          }
        ]
      },
      "id": "VAR-200411-0123",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-8696"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-05-28T18:32:13.773000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "others (CWE-Other) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000749"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-0266"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://www.securityfocus.com/bid/9615"
          },
          {
            "trust": 1.9,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15080"
          },
          {
            "trust": 1.8,
            "url": "http://marc.info/?l=bugtraq\u0026m=107635110327066\u0026w=2"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0266"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/15080"
          },
          {
            "trust": 0.6,
            "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=107635110327066\u0026w=2"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/353201"
          },
          {
            "trust": 0.1,
            "url": "http://marc.info/?l=bugtraq\u0026amp;m=107635110327066\u0026amp;w=2"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-8696"
          },
          {
            "db": "BID",
            "id": "9615"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000749"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200411-090"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-0266"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-8696"
          },
          {
            "db": "BID",
            "id": "9615"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000749"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200411-090"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-0266"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2004-11-23T00:00:00",
            "db": "VULHUB",
            "id": "VHN-8696"
          },
          {
            "date": "2004-02-09T00:00:00",
            "db": "BID",
            "id": "9615"
          },
          {
            "date": "2024-05-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2004-000749"
          },
          {
            "date": "2004-11-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200411-090"
          },
          {
            "date": "2004-11-23T05:00:00",
            "db": "NVD",
            "id": "CVE-2004-0266"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-8696"
          },
          {
            "date": "2009-07-12T02:06:00",
            "db": "BID",
            "id": "9615"
          },
          {
            "date": "2024-05-27T03:26:00",
            "db": "JVNDB",
            "id": "JVNDB-2004-000749"
          },
          {
            "date": "2005-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200411-090"
          },
          {
            "date": "2017-07-19T01:29:00.753000",
            "db": "NVD",
            "id": "CVE-2004-0266"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200411-090"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PHP-Nuke Public Message SQL Injection Vulnerability",
        "sources": [
          {
            "db": "BID",
            "id": "9615"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200411-090"
          }
        ],
        "trust": 0.9
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200411-090"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200411-0029

    Vulnerability from variot - Updated: 2024-05-28 18:21

    SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module. An unspecified vulnerability exists in PHP-Nuke by Francisco Burzi. It has been reported that PHPNuke may be prone to a SQL injection vulnerability due to insufficient sanitization of user-supplied input. The problem is reported to exist in the $category variable contained within the 'index.php' page. PHPNuke versions 6.9 and prior have been reported to be prone to this issue; however, other versions may be affected as well. PHP-Nuke is a popular website creation and management tool that can use many database systems as its backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. The 'index.php' script included in PHP-Nuke lacks adequate filtering of the parameters submitted by users. When performing a search, the index.php script does not fully filter the data submitted by the user to the $category variable. Submitting data containing SQL commands as the $category variable parameter can change the original database logic, obtain sensitive database information, and modify database content.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200411-0029",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "francisco burzi",
            "version": "4.4.1a"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "francisco burzi",
            "version": "2.5"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "francisco burzi",
            "version": "5.0"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "francisco burzi",
            "version": "4.4"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "francisco burzi",
            "version": "6.0"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "francisco burzi",
            "version": "3.0"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "francisco burzi",
            "version": "1.0"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "francisco burzi",
            "version": "4.0"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "francisco burzi",
            "version": "5.5"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "francisco burzi",
            "version": "5.2"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "francisco burzi",
            "version": "5.0.1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "francisco burzi",
            "version": "5.4"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "francisco burzi",
            "version": "6.5"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "francisco burzi",
            "version": "5.2a"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "francisco burzi",
            "version": "5.1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "francisco burzi",
            "version": "5.6"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "francisco burzi",
            "version": "4.3"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "francisco burzi",
            "version": "5.3.1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.7"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.6"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "6.5_beta1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "6.5_rc3"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "6.5_rc2"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "6.5_final"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "6.5_rc1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "6.9"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "francisco burzi",
            "version": null
          },
          {
            "model": "php-nuke",
            "scope": null,
            "trust": 0.8,
            "vendor": "francisco burzi",
            "version": null
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "francisco burzi",
            "version": "6.5 beta1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "francisco burzi",
            "version": "6.5 final"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.9"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.7"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.6"
          },
          {
            "model": "burzi php-nuke rc3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke final",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.51"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.0"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "5.6"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "5.5"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "5.4"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "5.3.1"
          },
          {
            "model": "burzi php-nuke a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "5.2"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "5.2"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "5.1"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "5.0.1"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "5.0"
          },
          {
            "model": "burzi php-nuke a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "4.4.1"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "4.4"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "4.3"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "4.0"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "3.0"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "2.5"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "1.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "9630"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000750"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200411-123"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-0269"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_beta1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:4.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.2a:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_final:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:4.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:4.4.1a:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2004-0269"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "pokleyzz\u203b pokleyzz@scan-associates.net",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200411-123"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2004-0269",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.4,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2004-0269",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-8699",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2004-0269",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200411-123",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-8699",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-8699"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000750"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200411-123"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-0269"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module. francisco burzi of php-nuke Exists in unspecified vulnerabilities.None. It has been reported that PHPNuke may prone to a SQL injection vulnerability, due to insufficient sanitization user-supplied input.  The problem is reported to exist in the $category variable contained within the \u0027index.php\u0027 page. \nPHPNuke versions 6.9 and prior have been reported to be prone to this issue, however other versions may be affected as well. PHP-Nuke is a popular website creation and management tool, it can use many database software as backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. The \\\u0027\\\u0027index.php\\\u0027\\\u0027 script included in PHP-Nuke lacks adequate filtering of the parameters submitted by users. When performing a search, the index.php script does not fully filter the data submitted by the user to the $category variable. Submitting data containing SQL commands as the $category variable parameter can change the original database logic, obtain database sensitive information and modify database content",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2004-0269"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000750"
          },
          {
            "db": "BID",
            "id": "9630"
          },
          {
            "db": "VULHUB",
            "id": "VHN-8699"
          }
        ],
        "trust": 1.98
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-8699",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-8699"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2004-0269",
            "trust": 3.6
          },
          {
            "db": "BID",
            "id": "9630",
            "trust": 2.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000750",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200411-123",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20040210 [SCAN ASSOCIATES SDN BHD SECURITY ADVISORY] PHPNUKE 6.9 \u003e AND BELOW SQL INJECTION IN MULTIPLE MODULE",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "15115",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-76388",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-77430",
            "trust": 0.1
          },
          {
            "db": "EXPLOIT-DB",
            "id": "22589",
            "trust": 0.1
          },
          {
            "db": "EXPLOIT-DB",
            "id": "23680",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-8699",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-8699"
          },
          {
            "db": "BID",
            "id": "9630"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000750"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200411-123"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-0269"
          }
        ]
      },
      "id": "VAR-200411-0029",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-8699"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-05-28T18:21:34.508000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "others (CWE-Other) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000750"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-0269"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://www.securityfocus.com/bid/9630"
          },
          {
            "trust": 1.9,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15115"
          },
          {
            "trust": 1.8,
            "url": "http://marc.info/?l=bugtraq\u0026m=107643348117646\u0026w=2"
          },
          {
            "trust": 1.7,
            "url": "http://www.scan-associates.net/papers/phpnuke69.txt"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0269"
          },
          {
            "trust": 0.6,
            "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=107643348117646\u0026w=2"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/15115"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/353291"
          },
          {
            "trust": 0.1,
            "url": "http://marc.info/?l=bugtraq\u0026amp;m=107643348117646\u0026amp;w=2"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-8699"
          },
          {
            "db": "BID",
            "id": "9630"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000750"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200411-123"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-0269"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-8699"
          },
          {
            "db": "BID",
            "id": "9630"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000750"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200411-123"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-0269"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2004-11-23T00:00:00",
            "db": "VULHUB",
            "id": "VHN-8699"
          },
          {
            "date": "2004-02-10T00:00:00",
            "db": "BID",
            "id": "9630"
          },
          {
            "date": "2024-05-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2004-000750"
          },
          {
            "date": "2004-02-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200411-123"
          },
          {
            "date": "2004-11-23T05:00:00",
            "db": "NVD",
            "id": "CVE-2004-0269"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-8699"
          },
          {
            "date": "2009-07-12T02:06:00",
            "db": "BID",
            "id": "9630"
          },
          {
            "date": "2024-05-27T03:27:00",
            "db": "JVNDB",
            "id": "JVNDB-2004-000750"
          },
          {
            "date": "2005-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200411-123"
          },
          {
            "date": "2017-07-11T01:30:01.510000",
            "db": "NVD",
            "id": "CVE-2004-0269"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200411-123"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "francisco\u00a0burzi\u00a0 of \u00a0php-nuke\u00a0 Vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000750"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200411-123"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200411-0122

    Vulnerability from variot - Updated: 2024-05-28 18:12

    Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other users via URL-encoded (1) title or (2) fname parameters in the News or Reviews modules. An unspecified vulnerability exists in php-nuke from francisco burzi. It has been reported that the PHP-Nuke module 'News' is prone to a cross-site scripting vulnerability. The issue arises because the module fails to properly sanitize user-supplied information. This could allow hostile HTML and script code to execute in the web client of a user who visits a web page that contains the malicious code. The code would run in the security context of the site hosting the software.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200411-0122",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "francisco burzi",
            "version": "6.6"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "francisco burzi",
            "version": "7.0"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "francisco burzi",
            "version": "6.9"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "francisco burzi",
            "version": "6.0"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "francisco burzi",
            "version": "7.1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "francisco burzi",
            "version": "6.7"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "francisco burzi",
            "version": "6.5"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_rc2"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_rc3"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "7.0_final"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "6.5_beta1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "6.5_final"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "6.5_rc1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "francisco burzi",
            "version": null
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "francisco burzi",
            "version": "6.5 rc1"
          },
          {
            "model": "php-nuke",
            "scope": null,
            "trust": 0.8,
            "vendor": "francisco burzi",
            "version": null
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "francisco burzi",
            "version": "6.5 beta1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "francisco burzi",
            "version": "7.0 final"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "francisco burzi",
            "version": "6.5 final"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "francisco burzi",
            "version": "6.5 rc3"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "francisco burzi",
            "version": "6.5 rc2"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "francisco",
            "version": "7.1"
          },
          {
            "model": "burzi php-nuke final",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "francisco",
            "version": "7.0"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "francisco",
            "version": "7.0"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "francisco",
            "version": "6.9"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "francisco",
            "version": "6.7"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "francisco",
            "version": "6.6"
          },
          {
            "model": "burzi php-nuke rc3",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke rc2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke rc1",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke final",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke beta",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "francisco",
            "version": "6.51"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "francisco",
            "version": "6.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "9613"
          },
          {
            "db": "BID",
            "id": "9605"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000748"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200411-168"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-0265"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_beta1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_final:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.0_final:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2004-0265"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovery of this issue is credited to Janek Vind \u003ccome2waraxe@yahoo.com\u003e.",
        "sources": [
          {
            "db": "BID",
            "id": "9613"
          },
          {
            "db": "BID",
            "id": "9605"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200411-168"
          }
        ],
        "trust": 1.2
      },
      "cve": "CVE-2004-0265",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": true,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2004-0265",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-8695",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2004-0265",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200411-168",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-8695",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-8695"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000748"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200411-168"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-0265"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other users via URL-encoded (1) title or (2) fname parameters in the News or Reviews modules. francisco burzi of php-nuke Exists in unspecified vulnerabilities.None. It has been reported that the PHP-Nuke module \u0027News\u0027 is prone to a cross-site scripting vulnerability.  The issue arises due to the module failing to properly sanitize user-supplied information.  This could allow for execution of hostile HTML and script code in the web client of a user who visits a web page that contains the malicious code. This would occur in the security context of the site hosting the software",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2004-0265"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000748"
          },
          {
            "db": "BID",
            "id": "9613"
          },
          {
            "db": "BID",
            "id": "9605"
          },
          {
            "db": "VULHUB",
            "id": "VHN-8695"
          }
        ],
        "trust": 2.25
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-8695",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-8695"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2004-0265",
            "trust": 3.9
          },
          {
            "db": "BID",
            "id": "9605",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "9613",
            "trust": 2.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000748",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200411-168",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20040208 [WARAXE-2004-SA#002] - CROSS-SITE SCRIPTING (XSS) IN PHP-NUKE 7.1.0",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "15076",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "23669",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-77419",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-8695",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-8695"
          },
          {
            "db": "BID",
            "id": "9613"
          },
          {
            "db": "BID",
            "id": "9605"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000748"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200411-168"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-0265"
          }
        ]
      },
      "id": "VAR-200411-0122",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-8695"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-05-28T18:12:38.272000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "others (CWE-Other) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000748"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-0265"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://www.securityfocus.com/bid/9605"
          },
          {
            "trust": 2.5,
            "url": "http://www.securityfocus.com/bid/9613"
          },
          {
            "trust": 1.9,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15076"
          },
          {
            "trust": 1.8,
            "url": "http://marc.info/?l=bugtraq\u0026m=107634727520936\u0026w=2"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0265"
          },
          {
            "trust": 0.6,
            "url": "/archive/1/353188"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/15076"
          },
          {
            "trust": 0.6,
            "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=107634727520936\u0026w=2"
          },
          {
            "trust": 0.1,
            "url": "http://marc.info/?l=bugtraq\u0026amp;m=107634727520936\u0026amp;w=2"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-8695"
          },
          {
            "db": "BID",
            "id": "9613"
          },
          {
            "db": "BID",
            "id": "9605"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000748"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200411-168"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-0265"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-8695"
          },
          {
            "db": "BID",
            "id": "9613"
          },
          {
            "db": "BID",
            "id": "9605"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000748"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200411-168"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-0265"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2004-11-23T00:00:00",
            "db": "VULHUB",
            "id": "VHN-8695"
          },
          {
            "date": "2004-02-09T00:00:00",
            "db": "BID",
            "id": "9613"
          },
          {
            "date": "2004-02-09T00:00:00",
            "db": "BID",
            "id": "9605"
          },
          {
            "date": "2024-05-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2004-000748"
          },
          {
            "date": "2004-11-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200411-168"
          },
          {
            "date": "2004-11-23T05:00:00",
            "db": "NVD",
            "id": "CVE-2004-0265"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-8695"
          },
          {
            "date": "2009-07-12T02:06:00",
            "db": "BID",
            "id": "9613"
          },
          {
            "date": "2009-07-12T02:06:00",
            "db": "BID",
            "id": "9605"
          },
          {
            "date": "2024-05-27T03:24:00",
            "db": "JVNDB",
            "id": "JVNDB-2004-000748"
          },
          {
            "date": "2007-01-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200411-168"
          },
          {
            "date": "2017-07-11T01:30:01.307000",
            "db": "NVD",
            "id": "CVE-2004-0265"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "9613"
          },
          {
            "db": "BID",
            "id": "9605"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "francisco\u00a0burzi\u00a0 of \u00a0php-nuke\u00a0 Vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2004-000748"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Input Validation Error",
        "sources": [
          {
            "db": "BID",
            "id": "9613"
          },
          {
            "db": "BID",
            "id": "9605"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200212-0099

    Vulnerability from variot - Updated: 2024-02-14 23:07

    sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query information by supplying the sql_debug parameter in requests to (1) index.php and (2) modules.php. PHPNuke is a website creation/maintenance tool. It can be back-ended by a number of database products such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. Access to the debugging feature is not restricted to administrators. This may be used by a remote attacker to disclose sensitive information about the database, which may contribute to further attacks against the website running PHPNuke and the database. It is not known whether PostNuke is also affected by this issue.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200212-0099",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "4.4"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "5.1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "4.4.1a"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "5.0"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "5.0.1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "4.0"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "3.0"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "4.3"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "2.5"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "1.0"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "5.2"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "5.3.1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "5.4"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "5.2a"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "5.4"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "5.3.1"
          },
          {
            "model": "burzi php-nuke a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "5.2"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "5.2"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "5.1"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "5.0.1"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "5.0"
          },
          {
            "model": "burzi php-nuke a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "4.4.1"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "4.4"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "4.3"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "4.0"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "3.0"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "2.5"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "1.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "3906"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200212-243"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-2032"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:4.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:4.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.2a:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:4.4.1a:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2002-2032"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cabezon Aurelien\u203b aurelien.cabezon@isecurelabs.com",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200212-243"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2002-2032",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-6415",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2002-2032",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200212-243",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-6415",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-6415"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200212-243"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-2032"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query information by setting the sql_debug parameter to (1) index.php and (2) modules.php. PHPNuke is a website creation/maintenance tool. It is can be back-ended by a number of database products such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. Access to the debugging feature is not restricted to administrators. \nThis may be used by a remote attacker to disclose sensitive information about the database which may contribute to further attacks against the website running PHPNuke and the database. \nIt is not known whether PostNuke is also affected by this issue",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2002-2032"
          },
          {
            "db": "BID",
            "id": "3906"
          },
          {
            "db": "VULHUB",
            "id": "VHN-6415"
          }
        ],
        "trust": 1.26
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-6415",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-6415"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "3906",
            "trust": 2.0
          },
          {
            "db": "NVD",
            "id": "CVE-2002-2032",
            "trust": 1.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200212-243",
            "trust": 0.7
          },
          {
            "db": "NSFOCUS",
            "id": "2145",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "21233",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-75068",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-6415",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-6415"
          },
          {
            "db": "BID",
            "id": "3906"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200212-243"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-2032"
          }
        ]
      },
      "id": "VAR-200212-0099",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-6415"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-02-14T23:07:01.561000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2002-2032"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/3906"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfaq.com/unixfocus/5op041p6be.html"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/2145"
          },
          {
            "trust": 0.3,
            "url": "http://www.irannuke.com/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-6415"
          },
          {
            "db": "BID",
            "id": "3906"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200212-243"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-2032"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-6415"
          },
          {
            "db": "BID",
            "id": "3906"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200212-243"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-2032"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2002-12-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-6415"
          },
          {
            "date": "2002-01-18T00:00:00",
            "db": "BID",
            "id": "3906"
          },
          {
            "date": "2002-01-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200212-243"
          },
          {
            "date": "2002-12-31T05:00:00",
            "db": "NVD",
            "id": "CVE-2002-2032"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2008-09-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-6415"
          },
          {
            "date": "2002-01-18T00:00:00",
            "db": "BID",
            "id": "3906"
          },
          {
            "date": "2005-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200212-243"
          },
          {
            "date": "2024-02-14T01:17:43.863000",
            "db": "NVD",
            "id": "CVE-2002-2032"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200212-243"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PHP-Nuke SQL_Debug Debugging Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200212-243"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Design Error",
        "sources": [
          {
            "db": "BID",
            "id": "3906"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200212-243"
          }
        ],
        "trust": 0.9
      }
    }

    VAR-200512-0910

    Vulnerability from variot - Updated: 2024-02-13 23:05

    Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) sid, and (3) pid parameters in a POST request, which bypasses security checks that are performed for GET requests. PHP-Nuke is prone to an SQL-injection vulnerability. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. There are multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8. When magic_quotes_gpc is disabled, a remote attacker can execute arbitrary SQL commands. These POST requests bypass the security checks performed for GET requests.




    TITLE: PHP-Nuke SQL Injection Vulnerabilities

    SECUNIA ADVISORY ID: SA16801

    VERIFY ADVISORY: http://secunia.com/advisories/16801/

    CRITICAL: Moderately critical

    IMPACT: Manipulation of data

    WHERE:

    From remote

    SOFTWARE: PHP-Nuke 7.x http://secunia.com/product/2385/

    DESCRIPTION: Robin Verton has discovered some vulnerabilities in PHP-Nuke, which can be exploited by malicious people to conduct SQL injection attacks. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

    The vulnerabilities have been confirmed in version 7.7. Version 7.8 and prior are reportedly also affected.

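    SOLUTION: Edit the source code to ensure that input is properly sanitised. Because the issue arises from checks that are performed for GET requests but not for POST requests, the same validation needs to cover POST parameters as well.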

    PROVIDED AND/OR DISCOVERED BY: Robin Verton





    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200512-0910",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "7.8"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.8"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "86927"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200512-783"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-4715"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2005-4715"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unknown",
        "sources": [
          {
            "db": "BID",
            "id": "86927"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2005-4715",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": true,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-15923",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2005-4715",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2005-4715",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200512-783",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-15923",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2005-4715",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-15923"
          },
          {
            "db": "VULMON",
            "id": "CVE-2005-4715"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200512-783"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-4715"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) sid, and (3) pid parameters in a POST request, which bypasses security checks that are performed for GET requests. PHP-Nuke is prone to a sql-injection vulnerability. \nExploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. There are multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8. When magic_quotes_gpc is disabled, a remote attacker can execute arbitrary SQL commands. Such requests bypass the security checks performed for GET requests. \n\n----------------------------------------------------------------------\n\nBist Du interessiert an einem neuen Job in IT-Sicherheit?\n\n\nSecunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-\nSicherheit:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nPHP-Nuke SQL Injection Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA16801\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/16801/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nManipulation of data\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nPHP-Nuke 7.x\nhttp://secunia.com/product/2385/\n\nDESCRIPTION:\nRobin Verton has discovered some vulnerabilities in PHP-Nuke, which\ncan be exploited by malicious people to conduct SQL injection\nattacks. This can be exploited to manipulate SQL\nqueries by injecting arbitrary SQL code. \n\nThe vulnerabilities have been confirmed in version 7.7. Version 7.8\nand prior are reportedly also affected. \n\nSOLUTION:\nEdit the source code to ensure that input is properly sanitised. \n\nPROVIDED AND/OR DISCOVERED BY:\nRobin Verton\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2005-4715"
          },
          {
            "db": "BID",
            "id": "86927"
          },
          {
            "db": "VULHUB",
            "id": "VHN-15923"
          },
          {
            "db": "VULMON",
            "id": "CVE-2005-4715"
          },
          {
            "db": "PACKETSTORM",
            "id": "40022"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "SREASON",
            "id": "3",
            "trust": 2.1
          },
          {
            "db": "NVD",
            "id": "CVE-2005-4715",
            "trust": 2.1
          },
          {
            "db": "SECUNIA",
            "id": "16801",
            "trust": 1.9
          },
          {
            "db": "OSVDB",
            "id": "19351",
            "trust": 1.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200512-783",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20050913 RE: PHP NUKE \u003c= 7.8 MULTIPLE SQL INJECTIONS",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20050916 RE: PHP NUKE \u003c= 7.8 MULTIPLE SQL INJECTIONS",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20050912 PHP NUKE \u003c= 7.8 MULTIPLE SQL INJECTIONS",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20050914 RE: PHP NUKE \u003c= 7.8 MULTIPLE SQL INJECTIONS",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "22247",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "86927",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-15923",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2005-4715",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "40022",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-15923"
          },
          {
            "db": "VULMON",
            "id": "CVE-2005-4715"
          },
          {
            "db": "BID",
            "id": "86927"
          },
          {
            "db": "PACKETSTORM",
            "id": "40022"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200512-783"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-4715"
          }
        ]
      },
      "id": "VAR-200512-0910",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-15923"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-02-13T23:05:10.655000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2005-4715"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.1,
            "url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0119.html"
          },
          {
            "trust": 2.1,
            "url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0176.html"
          },
          {
            "trust": 2.1,
            "url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0167.html"
          },
          {
            "trust": 2.1,
            "url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0226.html"
          },
          {
            "trust": 2.1,
            "url": "http://www.nukefixes.com/ftopict-1779-.html#7641"
          },
          {
            "trust": 2.1,
            "url": "http://securityreason.com/securityalert/3"
          },
          {
            "trust": 2.0,
            "url": "http://phpnuke.org/modules.php?name=news\u0026file=article\u0026sid=7434"
          },
          {
            "trust": 1.8,
            "url": "http://www.osvdb.org/19351"
          },
          {
            "trust": 1.8,
            "url": "http://secunia.com/advisories/16801"
          },
          {
            "trust": 1.2,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22247"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/22247"
          },
          {
            "trust": 0.1,
            "url": "http://phpnuke.org/modules.php?name=news\u0026amp;file=article\u0026amp;sid=7434"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/about_secunia_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/2385/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/secunia_vacancies/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/16801/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-15923"
          },
          {
            "db": "VULMON",
            "id": "CVE-2005-4715"
          },
          {
            "db": "BID",
            "id": "86927"
          },
          {
            "db": "PACKETSTORM",
            "id": "40022"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200512-783"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-4715"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-15923"
          },
          {
            "db": "VULMON",
            "id": "CVE-2005-4715"
          },
          {
            "db": "BID",
            "id": "86927"
          },
          {
            "db": "PACKETSTORM",
            "id": "40022"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200512-783"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-4715"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2005-12-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-15923"
          },
          {
            "date": "2005-12-31T00:00:00",
            "db": "VULMON",
            "id": "CVE-2005-4715"
          },
          {
            "date": "2005-12-31T00:00:00",
            "db": "BID",
            "id": "86927"
          },
          {
            "date": "2005-09-14T06:31:57",
            "db": "PACKETSTORM",
            "id": "40022"
          },
          {
            "date": "2005-12-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200512-783"
          },
          {
            "date": "2005-12-31T05:00:00",
            "db": "NVD",
            "id": "CVE-2005-4715"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-15923"
          },
          {
            "date": "2017-07-20T00:00:00",
            "db": "VULMON",
            "id": "CVE-2005-4715"
          },
          {
            "date": "2005-12-31T00:00:00",
            "db": "BID",
            "id": "86927"
          },
          {
            "date": "2006-02-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200512-783"
          },
          {
            "date": "2017-07-20T01:29:23.550000",
            "db": "NVD",
            "id": "CVE-2005-4715"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200512-783"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PHP-Nuke modules.php Multiple SQL Injection vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200512-783"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "sql injection",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "40022"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200512-783"
          }
        ],
        "trust": 0.7
      }
    }

    VAR-200306-0082

    Vulnerability from variot - Updated: 2024-02-13 22:41

    Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and earlier allows remote attackers to insert arbitrary web script via the year parameter. PHP-Nuke is prone to a cross-site scripting vulnerability.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200306-0082",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "php-nuke",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "6.0"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "francisco burzi",
            "version": "6.0"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "82844"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200306-028"
          },
          {
            "db": "NVD",
            "id": "CVE-2003-0318"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2003-0318"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unknown",
        "sources": [
          {
            "db": "BID",
            "id": "82844"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2003-0318",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-7147",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULMON",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2003-0318",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2003-0318",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200306-028",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-7147",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2003-0318",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-7147"
          },
          {
            "db": "VULMON",
            "id": "CVE-2003-0318"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200306-028"
          },
          {
            "db": "NVD",
            "id": "CVE-2003-0318"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and earlier allows remote attackers to insert arbitrary web script via the year parameter. PHP-Nuke is prone to a cross-site scripting vulnerability",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2003-0318"
          },
          {
            "db": "BID",
            "id": "82844"
          },
          {
            "db": "VULHUB",
            "id": "VHN-7147"
          },
          {
            "db": "VULMON",
            "id": "CVE-2003-0318"
          }
        ],
        "trust": 1.35
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2003-0318",
            "trust": 2.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200306-028",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20030517 PHP-NUKE CODE INJECTION IN YEARLY STATS AT STATISTICS MODULE",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "82844",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-7147",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2003-0318",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-7147"
          },
          {
            "db": "VULMON",
            "id": "CVE-2003-0318"
          },
          {
            "db": "BID",
            "id": "82844"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200306-028"
          },
          {
            "db": "NVD",
            "id": "CVE-2003-0318"
          }
        ]
      },
      "id": "VAR-200306-0082",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-7147"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-02-13T22:41:46.801000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2003-0318"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=105319538308834\u0026w=2"
          },
          {
            "trust": 0.9,
            "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=105319538308834\u0026w=2"
          },
          {
            "trust": 0.1,
            "url": "http://marc.info/?l=bugtraq\u0026amp;m=105319538308834\u0026amp;w=2"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-7147"
          },
          {
            "db": "VULMON",
            "id": "CVE-2003-0318"
          },
          {
            "db": "BID",
            "id": "82844"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200306-028"
          },
          {
            "db": "NVD",
            "id": "CVE-2003-0318"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-7147"
          },
          {
            "db": "VULMON",
            "id": "CVE-2003-0318"
          },
          {
            "db": "BID",
            "id": "82844"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200306-028"
          },
          {
            "db": "NVD",
            "id": "CVE-2003-0318"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2003-06-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-7147"
          },
          {
            "date": "2003-06-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2003-0318"
          },
          {
            "date": "2003-06-09T00:00:00",
            "db": "BID",
            "id": "82844"
          },
          {
            "date": "2003-06-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200306-028"
          },
          {
            "date": "2003-06-09T04:00:00",
            "db": "NVD",
            "id": "CVE-2003-0318"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-10-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-7147"
          },
          {
            "date": "2016-10-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2003-0318"
          },
          {
            "date": "2003-06-09T00:00:00",
            "db": "BID",
            "id": "82844"
          },
          {
            "date": "2005-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200306-028"
          },
          {
            "date": "2016-10-18T02:32:21.520000",
            "db": "NVD",
            "id": "CVE-2003-0318"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200306-028"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PHP-Nuke Cross-site scripting (XSS) Vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200306-028"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200306-028"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200505-1049

    Vulnerability from variot - Updated: 2024-02-13 22:33

    The Web_Links module for PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via an invalid show parameter, which triggers a division by zero PHP error that leaks the full pathname of the server. PHP-Nuke is prone to an information disclosure vulnerability.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200505-1049",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "7.6"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.6"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "90143"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200505-777"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-0998"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2005-0998"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unknown",
        "sources": [
          {
            "db": "BID",
            "id": "90143"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2005-0998",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-12207",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULMON",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2005-0998",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2005-0998",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200505-777",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-12207",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2005-0998",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-12207"
          },
          {
            "db": "VULMON",
            "id": "CVE-2005-0998"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200505-777"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-0998"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Web_Links module for PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via an invalid show parameter, which triggers a division by zero PHP error that leaks the full pathname of the server. PHP-Nuke is prone to a information disclosure vulnerability",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2005-0998"
          },
          {
            "db": "BID",
            "id": "90143"
          },
          {
            "db": "VULHUB",
            "id": "VHN-12207"
          },
          {
            "db": "VULMON",
            "id": "CVE-2005-0998"
          }
        ],
        "trust": 1.35
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2005-0998",
            "trust": 2.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200505-777",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20050403 [SECURITYREASON.COM] PHPNUKE 7.6 MULTIPLE VULNERABILITIES IN WEB_LINKS MODULE CXIB8O3.14",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "90143",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-12207",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2005-0998",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-12207"
          },
          {
            "db": "VULMON",
            "id": "CVE-2005-0998"
          },
          {
            "db": "BID",
            "id": "90143"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200505-777"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-0998"
          }
        ]
      },
      "id": "VAR-200505-1049",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-12207"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-02-13T22:33:10.493000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2005-0998"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=111289685724764\u0026w=2"
          },
          {
            "trust": 0.9,
            "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=111289685724764\u0026w=2"
          },
          {
            "trust": 0.1,
            "url": "http://marc.info/?l=bugtraq\u0026amp;m=111289685724764\u0026amp;w=2"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-12207"
          },
          {
            "db": "VULMON",
            "id": "CVE-2005-0998"
          },
          {
            "db": "BID",
            "id": "90143"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200505-777"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-0998"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-12207"
          },
          {
            "db": "VULMON",
            "id": "CVE-2005-0998"
          },
          {
            "db": "BID",
            "id": "90143"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200505-777"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-0998"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2005-05-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-12207"
          },
          {
            "date": "2005-05-02T00:00:00",
            "db": "VULMON",
            "id": "CVE-2005-0998"
          },
          {
            "date": "2005-05-02T00:00:00",
            "db": "BID",
            "id": "90143"
          },
          {
            "date": "2005-05-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200505-777"
          },
          {
            "date": "2005-05-02T04:00:00",
            "db": "NVD",
            "id": "CVE-2005-0998"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-10-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-12207"
          },
          {
            "date": "2016-10-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2005-0998"
          },
          {
            "date": "2005-05-02T00:00:00",
            "db": "BID",
            "id": "90143"
          },
          {
            "date": "2005-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200505-777"
          },
          {
            "date": "2016-10-18T03:16:21.833000",
            "db": "NVD",
            "id": "CVE-2005-0998"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200505-777"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PHP-Nuke Vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200505-777"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "unknown",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200505-777"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200412-1226

    Vulnerability from variot - Updated: 2024-02-09 22:39

    Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php. It has been reported that PHP-Nuke is prone to a remote admin command execution vulnerability. This issue is due to a design error that allows an attacker to specify arbitrary URI values in bbCode tags contained within posts. This issue may be leveraged to force an admin user viewing a malicious post to perform some query to the affected application, such as adding a user or removing arbitrary data from the database. PHP-Nuke is a popular website creation and management tool that can use many database systems as its backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. There is a design error in PHP-Nuke's handling of the bbCode tag in POST, which can be exploited by remote attackers to execute remote management commands. PHP-Nuke uses bbCode tags to support images, HTML, etc., but it processes user-specified Image tags incorrectly, which can lead to the execution of arbitrary remote commands (that is, administrative actions in the application, performed when an admin user views the malicious post as described above); for example, attackers can submit malicious POST requests to add or delete users from the database.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200412-1226",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "php-nuke",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "phpnuke",
            "version": "6.0"
          },
          {
            "model": "php-nuke",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "phpnuke",
            "version": "7.1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "francisco burzi",
            "version": "6.7"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "francisco burzi",
            "version": "6.9"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "francisco burzi",
            "version": "7.0"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "francisco burzi",
            "version": "6.6"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "francisco burzi",
            "version": "6.5_rc2"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "francisco burzi",
            "version": "6.5_rc3"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "francisco burzi",
            "version": "6.5_rc1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "francisco burzi",
            "version": "7.1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "francisco burzi",
            "version": "6.5_final"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "francisco burzi",
            "version": "7.0_final"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.1"
          },
          {
            "model": "burzi php-nuke final",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.0"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.0"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.9"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.7"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.6"
          },
          {
            "model": "burzi php-nuke rc3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke final",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.51"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "9895"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200412-738"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-1842"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.1",
                    "versionStartIncluding": "6.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2004-1842"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Janek Vind\u203b come2waraxe@yahoo.com",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200412-738"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2004-1842",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-10271",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2004-1842",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2004-1842",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200412-738",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-10271",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2004-1842",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-10271"
          },
          {
            "db": "VULMON",
            "id": "CVE-2004-1842"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200412-738"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-1842"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php. It has been reported that PHP-Nuke is prone to a remote admin command execution vulnerability.  This issue is due to a design error that allows an attacker to specify arbitrary URI values in bbCode tags contained within posts. \nThis issue may be leveraged to force an admin user viewing a malicious post to perform some query to the affected application, such as adding a user or removing arbitrary data from the database. PHP-Nuke is a popular website creation and management tool that can use many database systems as its back end, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. There is a design error in PHP-Nuke\u0027s handling of the bbCode tag in POST, which can be exploited by remote attackers to execute remote management commands. PHP-Nuke uses bbCode tags to support images, HTML, etc., but the processing of any Image tags specified by users is incorrect, which can lead to the execution of arbitrary remote commands; for example, attackers can submit malicious POST requests to add or delete users from the database",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2004-1842"
          },
          {
            "db": "BID",
            "id": "9895"
          },
          {
            "db": "VULHUB",
            "id": "VHN-10271"
          },
          {
            "db": "VULMON",
            "id": "CVE-2004-1842"
          }
        ],
        "trust": 1.35
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-10271",
            "trust": 0.1,
            "type": "unknown"
          },
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=23835",
            "trust": 0.1,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-10271"
          },
          {
            "db": "VULMON",
            "id": "CVE-2004-1842"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "9895",
            "trust": 2.1
          },
          {
            "db": "SECUNIA",
            "id": "11195",
            "trust": 1.8
          },
          {
            "db": "NVD",
            "id": "CVE-2004-1842",
            "trust": 1.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200412-738",
            "trust": 0.7
          },
          {
            "db": "XF",
            "id": "15596",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "6194",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20040322 [WARAXE-2004-SA#008 - EASY WAY TO GET SUPERADMIN RIGHTS IN PHPNUKE 6.X-7.1.0]",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "23835",
            "trust": 0.2
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-77580",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-10271",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2004-1842",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-10271"
          },
          {
            "db": "VULMON",
            "id": "CVE-2004-1842"
          },
          {
            "db": "BID",
            "id": "9895"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200412-738"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-1842"
          }
        ]
      },
      "id": "VAR-200412-1226",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-10271"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-02-09T22:39:13.083000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/faizhaffizudin/case-study-hamsa "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2004-1842"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2004-1842"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/9895"
          },
          {
            "trust": 1.8,
            "url": "http://secunia.com/advisories/11195"
          },
          {
            "trust": 1.2,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15596"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=108006309112075\u0026w=2"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/15596"
          },
          {
            "trust": 0.6,
            "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=108006309112075\u0026w=2"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/6194"
          },
          {
            "trust": 0.3,
            "url": "http://www.irannuke.com/"
          },
          {
            "trust": 0.1,
            "url": "http://marc.info/?l=bugtraq\u0026amp;m=108006309112075\u0026amp;w=2"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.exploit-db.com/exploits/23835/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-10271"
          },
          {
            "db": "VULMON",
            "id": "CVE-2004-1842"
          },
          {
            "db": "BID",
            "id": "9895"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200412-738"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-1842"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-10271"
          },
          {
            "db": "VULMON",
            "id": "CVE-2004-1842"
          },
          {
            "db": "BID",
            "id": "9895"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200412-738"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-1842"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2004-12-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-10271"
          },
          {
            "date": "2004-12-31T00:00:00",
            "db": "VULMON",
            "id": "CVE-2004-1842"
          },
          {
            "date": "2004-03-16T00:00:00",
            "db": "BID",
            "id": "9895"
          },
          {
            "date": "2004-03-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200412-738"
          },
          {
            "date": "2004-12-31T05:00:00",
            "db": "NVD",
            "id": "CVE-2004-1842"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-10271"
          },
          {
            "date": "2017-07-11T00:00:00",
            "db": "VULMON",
            "id": "CVE-2004-1842"
          },
          {
            "date": "2004-03-16T00:00:00",
            "db": "BID",
            "id": "9895"
          },
          {
            "date": "2005-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200412-738"
          },
          {
            "date": "2024-02-08T20:46:14.233000",
            "db": "NVD",
            "id": "CVE-2004-1842"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200412-738"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PHP-Nuke Image Tag management command execution vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200412-738"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200412-738"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200612-0689

    Vulnerability from variot - Updated: 2023-12-18 14:02

    Multiple SQL injection vulnerabilities in the (1) rate_article and (2) rate_complete functions in modules/News/index.php in the News module in Francisco Burzi PHP-Nuke 7.9 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the sid parameter. The PHP-Nuke News module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation. PHP-Nuke 7.9 and prior versions are vulnerable.




    TITLE: PHP-Nuke "modules/News/index.php" SQL Injection Vulnerabilities

    SECUNIA ADVISORY ID: SA23128

    VERIFY ADVISORY: http://secunia.com/advisories/23128/

    CRITICAL: Moderately critical

    IMPACT: Manipulation of data, Exposure of sensitive information

    WHERE: From remote

    SOFTWARE: PHP-Nuke 7.x http://secunia.com/product/2385/

    DESCRIPTION: Paisterist has discovered two vulnerabilities in PHP-Nuke, which can be exploited by malicious people to conduct SQL injection attacks.

    Input passed to the "sid" parameter in modules/News/index.php from modules.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

    Successful exploitation allows retrieval of administrator usernames and password hashes, but requires that "magic_quotes_gpc" is disabled and that the attacker knows the prefix for the database tables.

    The vulnerabilities are confirmed in version 7.9.

    SOLUTION: Edit the source code to ensure that input is properly sanitised.

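    Set "magic_quotes_gpc" in php.ini to On. This is a stopgap only: the directive was deprecated in PHP 5.3.0 and removed in PHP 5.4.0, so it cannot be relied on in place of the source-code fix above.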

    Use another product.

    PROVIDED AND/OR DISCOVERED BY: Paisterist

    ORIGINAL ADVISORY: http://www.neosecurityteam.net/index.php?action=advisories&id=30





    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200612-0689",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "7.8"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "7.8_patched_3.2"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "7.9"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "7.0_final"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "7.6"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "7.0"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "7.5"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "7.1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "7.7"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "7.4"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "7.3"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "7.2"
          },
          {
            "model": "php-nuke",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "francisco burzi",
            "version": "7.9"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "php nuke",
            "version": "7.9"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.0"
          },
          {
            "model": "burzi php-nuke final",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.0"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "php nuke",
            "version": "7.8"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.7"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "php nuke",
            "version": "7.7"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "php nuke",
            "version": "7.5"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.2"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.3"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "php nuke",
            "version": "7.2"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "php nuke",
            "version": "7.4"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "php nuke",
            "version": "7.3"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.1"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.6"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.9"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "php nuke",
            "version": "7.1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "php nuke",
            "version": "7.0"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.8"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "php nuke",
            "version": "7.6"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "21277"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001656"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6200"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200611-494"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.0_final:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.8_patched_3.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-6200"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Paisterist is credited with the discovery of this vulnerability.",
        "sources": [
          {
            "db": "BID",
            "id": "21277"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200611-494"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2006-6200",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": true,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2006-6200",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-22308",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2006-6200",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200611-494",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-22308",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-22308"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001656"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6200"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200611-494"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple SQL injection vulnerabilities in the (1) rate_article and (2) rate_complete functions in modules/News/index.php in the News module in Francisco Burzi PHP-Nuke 7.9 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the sid parameter. The PHP-Nuke News module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. \nExploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation. \nPHP-Nuke 7.9 and prior versions are vulnerable. \n\n----------------------------------------------------------------------\n\nTo improve our services to our customers, we have made a number of\nadditions to the Secunia Advisories and have started translating the\nadvisories to German. \n\nThe improvements will help our customers to get a better\nunderstanding of how we reached our conclusions, how it was rated,\nour thoughts on exploitation, attack vectors, and scenarios. 
\n\nThis includes:\n* Reason for rating\n* Extended description\n* Extended solution\n* Exploit code or links to exploit code\n* Deep links\n\nRead the full description:\nhttp://corporate.secunia.com/products/48/?r=l\n\nContact Secunia Sales for more information:\nhttp://corporate.secunia.com/how_to_buy/15/?r=l\n\n----------------------------------------------------------------------\n\nTITLE:\nPHP-Nuke \"modules/News/index.php\" SQL Injection Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA23128\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/23128/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nManipulation of data, Exposure of sensitive information\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nPHP-Nuke 7.x\nhttp://secunia.com/product/2385/\n\nDESCRIPTION:\nPaisterist has discovered two vulnerabilities in PHP-Nuke, which can\nbe exploited by malicious people to conduct SQL injection attacks. \n\nInput passed to the \"sid\" parameter in modules/News/index.php from\nmodules.php is not properly sanitised before being used in SQL\nqueries. This can be exploited to manipulate SQL queries by injecting\narbitrary SQL code. \n\nSuccessful exploitation allows retrieval of administrator usernames\nand password hashes, but requires that \"magic_quotes_gpc\" is disabled\nand that the attacker knows the prefix for the database tables. \n\nThe vulnerabilities are confirmed in version 7.9. \n\nSOLUTION:\nEdit the source code to ensure that input is properly sanitised. \n\nSet \"magic_quotes_gpc\" in php.ini to On. \n\nUse another product. \n\nPROVIDED AND/OR DISCOVERED BY:\nPaisterist\n\nORIGINAL ADVISORY:\nhttp://www.neosecurityteam.net/index.php?action=advisories\u0026id=30\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-6200"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001656"
          },
          {
            "db": "BID",
            "id": "21277"
          },
          {
            "db": "VULHUB",
            "id": "VHN-22308"
          },
          {
            "db": "PACKETSTORM",
            "id": "52555"
          }
        ],
        "trust": 2.07
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2006-6200",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "21277",
            "trust": 2.0
          },
          {
            "db": "SECUNIA",
            "id": "23128",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1017282",
            "trust": 1.7
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4739",
            "trust": 1.7
          },
          {
            "db": "SREASON",
            "id": "1935",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001656",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200611-494",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20061124 PHP-NUKE \u003c= 7.9 NEWS MODULE \"SID\" SQL INJECTION VULNERABILITIES",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "30525",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-22308",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "52555",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-22308"
          },
          {
            "db": "BID",
            "id": "21277"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001656"
          },
          {
            "db": "PACKETSTORM",
            "id": "52555"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6200"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200611-494"
          }
        ]
      },
      "id": "VAR-200612-0689",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-22308"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T14:02:36.402000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://phpnuke.org/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001656"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-6200"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/21277"
          },
          {
            "trust": 1.7,
            "url": "http://securitytracker.com/id?1017282"
          },
          {
            "trust": 1.7,
            "url": "http://secunia.com/advisories/23128"
          },
          {
            "trust": 1.7,
            "url": "http://securityreason.com/securityalert/1935"
          },
          {
            "trust": 1.7,
            "url": "http://www.neosecurityteam.net/index.php?action=advisories\u0026id=30"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/archive/1/452553/100/0/threaded"
          },
          {
            "trust": 1.1,
            "url": "http://www.vupen.com/english/advisories/2006/4739"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30525"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6200"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6200"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/30525"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/452553/100/0/threaded"
          },
          {
            "trust": 0.6,
            "url": "http://www.frsirt.com/english/advisories/2006/4739"
          },
          {
            "trust": 0.3,
            "url": "http://www.phpnuke.org"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/452553"
          },
          {
            "trust": 0.1,
            "url": "http://www.neosecurityteam.net/index.php?action=advisories\u0026amp;id=30"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://corporate.secunia.com/products/48/?r=l"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/2385/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/23128/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://corporate.secunia.com/how_to_buy/15/?r=l"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/about_secunia_advisories/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-22308"
          },
          {
            "db": "BID",
            "id": "21277"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001656"
          },
          {
            "db": "PACKETSTORM",
            "id": "52555"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6200"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200611-494"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-22308"
          },
          {
            "db": "BID",
            "id": "21277"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001656"
          },
          {
            "db": "PACKETSTORM",
            "id": "52555"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6200"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200611-494"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-12-01T00:00:00",
            "db": "VULHUB",
            "id": "VHN-22308"
          },
          {
            "date": "2006-11-24T00:00:00",
            "db": "BID",
            "id": "21277"
          },
          {
            "date": "2012-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-001656"
          },
          {
            "date": "2006-11-29T15:21:40",
            "db": "PACKETSTORM",
            "id": "52555"
          },
          {
            "date": "2006-12-01T01:28:00",
            "db": "NVD",
            "id": "CVE-2006-6200"
          },
          {
            "date": "2006-11-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200611-494"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-22308"
          },
          {
            "date": "2008-01-23T16:38:00",
            "db": "BID",
            "id": "21277"
          },
          {
            "date": "2012-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-001656"
          },
          {
            "date": "2018-10-17T21:47:12.390000",
            "db": "NVD",
            "id": "CVE-2006-6200"
          },
          {
            "date": "2006-12-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200611-494"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200611-494"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PHP-Nuke News Module Index.PHP SQL Injection Vulnerability",
        "sources": [
          {
            "db": "BID",
            "id": "21277"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200611-494"
          }
        ],
        "trust": 0.9
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "sql injection",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "52555"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200611-494"
          }
        ],
        "trust": 0.7
      }
    }

    VAR-200512-0217

    Vulnerability from variot - Updated: 2023-12-18 13:58

    Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers; if so, then this should not be treated as a vulnerability in PHP-Nuke. PHPNuke is prone to a content filtering bypass vulnerability. This issue can allow an attacker to bypass content filters and potentially carry out cross-site scripting, HTML injection and other attacks. PHPNuke 7.9 and prior versions are reported to be vulnerable. (The two statements of the affected range in this summary, "7.9 and later" and "7.9 and prior", do not agree; the affected_products list in the record below names versions between 7.0 and 7.9.)


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200512-0217",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "7.3"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "7.8"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "7.9"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "7.6"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "7.1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "7.7"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "7.2"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "7.0"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.1"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.2"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.0"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.6"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.7"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.3"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.9"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.8"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "15855"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-4260"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200512-316"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2005-4260"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Maksymilian Arciemowicz \u003cmax@jestsuper.pl\u003e.",
        "sources": [
          {
            "db": "BID",
            "id": "15855"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200512-316"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2005-4260",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-15468",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2005-4260",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200512-316",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-15468",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-15468"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-4260"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200512-316"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the \"\u003e\" in the tag with a \"\u003c\", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers.  NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers; if so, then this should not be treated as a vulnerability in PHP-Nuke. PHPNuke is prone to a content filtering bypass vulnerability.  This issue can allow an attacker to bypass content filters and potentially carry out cross-site scripting, HTML injection and other attacks. \nPHPNuke 7.9 and prior versions are reported to be vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2005-4260"
          },
          {
            "db": "BID",
            "id": "15855"
          },
          {
            "db": "VULHUB",
            "id": "VHN-15468"
          }
        ],
        "trust": 1.26
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-15468",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-15468"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "15855",
            "trust": 2.0
          },
          {
            "db": "NVD",
            "id": "CVE-2005-4260",
            "trust": 1.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200512-316",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20051214 BYPASS XSS FILTER IN PHPNUKE 7.9=\u003eX",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20051220 RE: XSS BYPASS IN PHPNUKE - FIX ?",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "26817",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-15468",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-15468"
          },
          {
            "db": "BID",
            "id": "15855"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-4260"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200512-316"
          }
        ]
      },
      "id": "VAR-200512-0217",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-15468"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T13:58:31.159000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2005-4260"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/15855"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/archive/1/419496/100/0/threaded"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/archive/1/419991/100/0/threaded"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/419991/100/0/threaded"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/419496/100/0/threaded"
          },
          {
            "trust": 0.3,
            "url": "http://www.irannuke.com/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-15468"
          },
          {
            "db": "BID",
            "id": "15855"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-4260"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200512-316"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-15468"
          },
          {
            "db": "BID",
            "id": "15855"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-4260"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200512-316"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2005-12-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-15468"
          },
          {
            "date": "2005-12-14T00:00:00",
            "db": "BID",
            "id": "15855"
          },
          {
            "date": "2005-12-15T11:03:00",
            "db": "NVD",
            "id": "CVE-2005-4260"
          },
          {
            "date": "2005-12-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200512-316"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-15468"
          },
          {
            "date": "2005-12-14T00:00:00",
            "db": "BID",
            "id": "15855"
          },
          {
            "date": "2018-10-19T15:40:42.473000",
            "db": "NVD",
            "id": "CVE-2005-4260"
          },
          {
            "date": "2006-06-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200512-316"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200512-316"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PHPNuke Content Filtering Bypass Vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200512-316"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200512-316"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200602-0274

    Vulnerability from variot - Updated: 2023-12-18 13:58

    SQL injection vulnerability in index.php in the Your_Account module in PHP-Nuke 7.8 and earlier allows remote attackers to execute arbitrary SQL commands via the username variable (Nickname field). PHPNuke is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. PHP-Nuke is a popular website creation and management tool that can use many database systems as a backend, such as MySQL, PostgreSQL, mSQL, Interbase and Sybase. There is an input validation vulnerability in the implementation of the Your_Account module of PHP-Nuke. The Your_Account module does not fully filter and check the username parameter. A remote attacker may insert malicious SQL commands into this parameter and thereby perform unauthorized operations on the backend database.

    TITLE: PHP-Nuke "Your_Account" Module SQL Injection Vulnerability

    SECUNIA ADVISORY ID: SA18931

    VERIFY ADVISORY: http://secunia.com/advisories/18931/

    CRITICAL: Moderately critical

    IMPACT: Manipulation of data

    WHERE: From remote

    SOFTWARE: PHP-Nuke 7.x http://secunia.com/product/2385/ PHP-Nuke 6.x http://secunia.com/product/329/

    DESCRIPTION: sp3x has discovered a vulnerability in PHP-Nuke, which can be exploited by malicious people to conduct SQL injection attacks. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

    The vulnerability has been confirmed in version 7.8. Other versions may also be affected.

    SOLUTION: The vulnerability has reportedly been fixed in version 7.9 with patch 3.1.

    PROVIDED AND/OR DISCOVERED BY: sp3x

    ORIGINAL ADVISORY: http://securityreason.com/securityalert/440





    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200602-0274",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "php-nuke ev",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "7.8"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "php nuke",
            "version": "7.7"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "php nuke",
            "version": "7.6"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "php nuke",
            "version": "7.5"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "php nuke",
            "version": "7.4"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "php nuke",
            "version": "7.3"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "php nuke",
            "version": "7.2"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "php nuke",
            "version": "7.1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "php nuke",
            "version": "7.0"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.8"
          },
          {
            "model": "php-nuke",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "php nuke",
            "version": "7.9"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "16691"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-0679"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200602-245"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke_ev:7.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-0679"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "sp3x sp3 @ xsecurityreason.com)",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200602-245"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-0679",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": true,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-16787",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2006-0679",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200602-245",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-16787",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-16787"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-0679"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200602-245"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection vulnerability in index.php in the Your_Account module in PHP-Nuke 7.8 and earlier allows remote attackers to execute arbitrary SQL commands via the username variable (Nickname field). PHPNuke is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. \nSuccessful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. PHP-Nuke is a popular website creation and management tool, it can use many database software as backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. There is an input validation vulnerability in the implementation of Your_Account module of PHP-Nuke. The Your_Account module of PHP-Nuke does not fully filter and check the username parameter. A remote attacker may insert malicious SQL commands into this parameter, thereby obtaining unauthorized operations on the background database. \n\nTITLE:\nPHP-Nuke \"Your_Account\" Module SQL Injection Vulnerability\n\nSECUNIA ADVISORY ID:\nSA18931\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/18931/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nManipulation of data\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nPHP-Nuke 7.x\nhttp://secunia.com/product/2385/\nPHP-Nuke 6.x\nhttp://secunia.com/product/329/\n\nDESCRIPTION:\nsp3x has discovered a vulnerability in PHP-Nuke, which can be\nexploited by malicious people to conduct SQL injection attacks. This can be\nexploited to manipulate SQL queries by injecting arbitrary SQL code. \n\nThe vulnerability has been confirmed in version 7.8. Other versions\nmay also be affected. \n\nSOLUTION:\nThe vulnerability has reportedly been fixed in version 7.9 with patch\n3.1. 
\n\nPROVIDED AND/OR DISCOVERED BY:\nsp3x\n\nORIGINAL ADVISORY:\nhttp://securityreason.com/securityalert/440\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-0679"
          },
          {
            "db": "BID",
            "id": "16691"
          },
          {
            "db": "VULHUB",
            "id": "VHN-16787"
          },
          {
            "db": "PACKETSTORM",
            "id": "43953"
          }
        ],
        "trust": 1.35
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2006-0679",
            "trust": 2.0
          },
          {
            "db": "BID",
            "id": "16691",
            "trust": 2.0
          },
          {
            "db": "SECUNIA",
            "id": "18931",
            "trust": 1.9
          },
          {
            "db": "SREASON",
            "id": "440",
            "trust": 1.8
          },
          {
            "db": "OSVDB",
            "id": "23259",
            "trust": 1.7
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-0636",
            "trust": 1.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200602-245",
            "trust": 0.7
          },
          {
            "db": "XF",
            "id": "24769",
            "trust": 0.6
          },
          {
            "db": "FULLDISC",
            "id": "20060216 CRITICAL SQL INJECTION PHPNUKE \u003c= 7.8 - YOUR_ACCOUNT MODULE",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20060216 CRITICAL SQL INJECTION PHPNUKE \u003c= 7.8 - YOUR_ACCOUNT MODULE",
            "trust": 0.6
          },
          {
            "db": "SREASONRES",
            "id": "20060216 CRITICAL SQL INJECTION PHPNUKE \u003c= 7.8 - YOUR_ACCOUNT MODULE",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-16787",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "43953",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-16787"
          },
          {
            "db": "BID",
            "id": "16691"
          },
          {
            "db": "PACKETSTORM",
            "id": "43953"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-0679"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200602-245"
          }
        ]
      },
      "id": "VAR-200602-0274",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-16787"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T13:58:30.221000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-0679"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "http://securityreason.com/securityalert/440"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/16691"
          },
          {
            "trust": 1.7,
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0358.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.osvdb.org/23259"
          },
          {
            "trust": 1.7,
            "url": "http://secunia.com/advisories/18931"
          },
          {
            "trust": 1.7,
            "url": "http://securityreason.com/achievement_securityalert/32"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/archive/1/425173/100/0/threaded"
          },
          {
            "trust": 1.1,
            "url": "http://www.vupen.com/english/advisories/2006/0636"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24769"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/24769"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/425173/100/0/threaded"
          },
          {
            "trust": 0.6,
            "url": "http://www.frsirt.com/english/advisories/2006/0636"
          },
          {
            "trust": 0.3,
            "url": "http://www.ncc.org.ve/php-nuke.php3?op=english"
          },
          {
            "trust": 0.3,
            "url": "http://www.irannuke.com/"
          },
          {
            "trust": 0.3,
            "url": "http://securityreason.com/achievement_exploitalert/7"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/425173"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/329/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/18931/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/2385/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/about_secunia_advisories/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-16787"
          },
          {
            "db": "BID",
            "id": "16691"
          },
          {
            "db": "PACKETSTORM",
            "id": "43953"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-0679"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200602-245"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-16787"
          },
          {
            "db": "BID",
            "id": "16691"
          },
          {
            "db": "PACKETSTORM",
            "id": "43953"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-0679"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200602-245"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-02-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-16787"
          },
          {
            "date": "2006-02-16T00:00:00",
            "db": "BID",
            "id": "16691"
          },
          {
            "date": "2006-02-17T23:46:33",
            "db": "PACKETSTORM",
            "id": "43953"
          },
          {
            "date": "2006-02-16T20:06:00",
            "db": "NVD",
            "id": "CVE-2006-0679"
          },
          {
            "date": "2006-02-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200602-245"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-16787"
          },
          {
            "date": "2006-02-17T02:42:00",
            "db": "BID",
            "id": "16691"
          },
          {
            "date": "2018-10-19T15:45:50.427000",
            "db": "NVD",
            "id": "CVE-2006-0679"
          },
          {
            "date": "2006-02-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200602-245"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200602-245"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PHP-Nuke Your_Account Module remote SQL Injection vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200602-245"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "sql injection",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "43953"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200602-245"
          }
        ],
        "trust": 0.7
      }
    }

    VAR-200112-0175

    Vulnerability from variot - Updated: 2023-12-18 13:50

    Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via a message. PHP-Nuke is prone to a cross-site scripting vulnerability.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200112-0175",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "8.0_final"
          },
          {
            "model": "burzi php-nuke final",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "8.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "82923"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1522"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-166"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:8.0_final:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-1522"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unknown",
        "sources": [
          {
            "db": "BID",
            "id": "82923"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2001-1522",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-4323",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2001-1522",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200112-166",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-4323",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-4323"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1522"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-166"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via a message. PHP-Nuke is prone to a cross-site scripting vulnerability",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-1522"
          },
          {
            "db": "BID",
            "id": "82923"
          },
          {
            "db": "VULHUB",
            "id": "VHN-4323"
          }
        ],
        "trust": 1.26
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2001-1522",
            "trust": 2.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-166",
            "trust": 0.7
          },
          {
            "db": "VULN-DEV",
            "id": "20011215 SECURITY HOLE IN IMESSENGER ( PHP-NUKE )",
            "trust": 0.6
          },
          {
            "db": "VULN-DEV",
            "id": "20011215 SERIOUS BUG IN IMESSENGER ( PHP-NUKE )",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "82923",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-4323",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-4323"
          },
          {
            "db": "BID",
            "id": "82923"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1522"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-166"
          }
        ]
      },
      "id": "VAR-200112-0175",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-4323"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T13:50:05.740000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-1522"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "http://archives.neohapsis.com/archives/vuln-dev/2001-q4/0848.html"
          },
          {
            "trust": 2.0,
            "url": "http://archives.neohapsis.com/archives/vuln-dev/2001-q4/0851.html"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-4323"
          },
          {
            "db": "BID",
            "id": "82923"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1522"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-166"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-4323"
          },
          {
            "db": "BID",
            "id": "82923"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1522"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-166"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2001-12-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-4323"
          },
          {
            "date": "2001-12-31T00:00:00",
            "db": "BID",
            "id": "82923"
          },
          {
            "date": "2001-12-31T05:00:00",
            "db": "NVD",
            "id": "CVE-2001-1522"
          },
          {
            "date": "2001-12-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200112-166"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2008-09-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-4323"
          },
          {
            "date": "2001-12-31T00:00:00",
            "db": "BID",
            "id": "82923"
          },
          {
            "date": "2008-09-05T20:26:46.137000",
            "db": "NVD",
            "id": "CVE-2001-1522"
          },
          {
            "date": "2006-09-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200112-166"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-166"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Imessenger Cross-site scripting XSS Vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-166"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-166"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200105-0067

    Vulnerability from variot - Updated: 2023-12-18 13:45

    The opendir.php script in PHP-Nuke allows remote attackers to read arbitrary files by specifying the filename as an argument to the requesturl parameter. PHP-Nuke is prone to a remote security vulnerability. PHP-Nuke is a popular website development and management tool. PHP-Nuke's opendir.php script implementation has an input validation vulnerability. Reference: http://www.iss.net/security_center/static/6512.php


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200105-0067",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "8.0_final"
          },
          {
            "model": "burzi php-nuke final",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "8.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "88787"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0321"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200105-063"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:8.0_final:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0321"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unknown",
        "sources": [
          {
            "db": "BID",
            "id": "88787"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2001-0321",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-3143",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2001-0321",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200105-063",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-3143",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-3143"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0321"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200105-063"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "opendir.php script in PHP-Nuke allows remote attackers to read arbitrary files by specifying the filename as an argument to the requesturl parameter. PHP-Nuke is prone to a remote security vulnerability. PHP-Nuke is a popular website development and management tool. PHP-Nuke\u0027s opendir.php script implementation has an input validation vulnerability. \u003c *Link: http://www.iss.net/security_center/static/6512.php* \u003e",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0321"
          },
          {
            "db": "BID",
            "id": "88787"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3143"
          }
        ],
        "trust": 1.26
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2001-0321",
            "trust": 2.0
          },
          {
            "db": "XF",
            "id": "6512",
            "trust": 0.9
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200105-063",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20010212 FWD: RE: PHPNUKE, SECURITY PROBLEM...",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "88787",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-3143",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-3143"
          },
          {
            "db": "BID",
            "id": "88787"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0321"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200105-063"
          }
        ]
      },
      "id": "VAR-200105-0067",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-3143"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T13:45:36.455000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0321"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0214.html"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6512"
          },
          {
            "trust": 0.9,
            "url": "http://xforce.iss.net/static/6512.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.phpnuke.org"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-3143"
          },
          {
            "db": "BID",
            "id": "88787"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0321"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200105-063"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-3143"
          },
          {
            "db": "BID",
            "id": "88787"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0321"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200105-063"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2001-05-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3143"
          },
          {
            "date": "2001-05-03T00:00:00",
            "db": "BID",
            "id": "88787"
          },
          {
            "date": "2001-05-03T04:00:00",
            "db": "NVD",
            "id": "CVE-2001-0321"
          },
          {
            "date": "2001-02-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200105-063"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-10-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3143"
          },
          {
            "date": "2001-05-03T00:00:00",
            "db": "BID",
            "id": "88787"
          },
          {
            "date": "2017-10-10T01:29:40.843000",
            "db": "NVD",
            "id": "CVE-2001-0321"
          },
          {
            "date": "2005-05-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200105-063"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200105-063"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PHP-Nuke opendir.php Remote directory traversal vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200105-063"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "unknown",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200105-063"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200510-0068

    Vulnerability from variot - Updated: 2023-12-18 13:45

    Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the Web_Links module. PHP-Nuke is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. PHP-Nuke is a popular website creation and management tool; it can use many database systems as its backend, such as MySQL, PostgreSQL, mSQL, Interbase, and Sybase. By inserting malicious SQL statements into the input data, remote attackers can operate on the database without authorization.

    TITLE: PHP-Nuke SQL Injection Vulnerabilities

    SECUNIA ADVISORY ID: SA17315

    VERIFY ADVISORY: http://secunia.com/advisories/17315/

    CRITICAL: Moderately critical

    IMPACT: Manipulation of data

    WHERE:

    From remote

    SOFTWARE: PHP-Nuke 7.x http://secunia.com/product/2385/

    DESCRIPTION: rgod has discovered some vulnerabilities in PHP-Nuke, which can be exploited by malicious people to conduct SQL injection attacks. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

    The vulnerabilities have been confirmed in version 7.8. Other versions may also be affected.

    SOLUTION: Edit the source code to ensure that input is properly sanitised.

    PROVIDED AND/OR DISCOVERED BY: rgod

    ORIGINAL ADVISORY: http://rgod.altervista.org/phpnuke78sql.html





    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200510-0068",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "7.8"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.8"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "15178"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-3304"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200510-194"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2005-3304"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "rgod is credited with the discovery of these vulnerabilities.",
        "sources": [
          {
            "db": "BID",
            "id": "15178"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2005-3304",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": true,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-14513",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2005-3304",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2005-3304",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200510-194",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-14513",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2005-3304",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-14513"
          },
          {
            "db": "VULMON",
            "id": "CVE-2005-3304"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-3304"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200510-194"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the Web_Links module. PHPNuke is prone to multiple SQL injection vulnerabilities.  These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. \nSuccessful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. PHP-Nuke is a popular website creation and management tool, it can use many database software as backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. Remote attackers can insert malicious SQL statement strings into the input data to operate the database without authorization. \n\nTITLE:\nPHP-Nuke SQL Injection Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA17315\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/17315/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nManipulation of data\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nPHP-Nuke 7.x\nhttp://secunia.com/product/2385/\n\nDESCRIPTION:\nrgod has discovered some vulnerabilities in PHP-Nuke, which can be\nexploited by malicious people to conduct SQL injection attacks. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\nThe vulnerabilities have been confirmed in version 7.8. Other\nversions may also be affected. \n\nSOLUTION:\nEdit the source code to ensure that input is properly sanitised. 
\n\nPROVIDED AND/OR DISCOVERED BY:\nrgod\n\nORIGINAL ADVISORY:\nhttp://rgod.altervista.org/phpnuke78sql.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2005-3304"
          },
          {
            "db": "BID",
            "id": "15178"
          },
          {
            "db": "VULHUB",
            "id": "VHN-14513"
          },
          {
            "db": "VULMON",
            "id": "CVE-2005-3304"
          },
          {
            "db": "PACKETSTORM",
            "id": "40880"
          }
        ],
        "trust": 1.44
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-14513",
            "trust": 0.1,
            "type": "unknown"
          },
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=32747",
            "trust": 0.1,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-14513"
          },
          {
            "db": "VULMON",
            "id": "CVE-2005-3304"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "15178",
            "trust": 2.1
          },
          {
            "db": "SECUNIA",
            "id": "17315",
            "trust": 1.9
          },
          {
            "db": "VUPEN",
            "id": "ADV-2005-2191",
            "trust": 1.8
          },
          {
            "db": "OSVDB",
            "id": "20293",
            "trust": 1.8
          },
          {
            "db": "OSVDB",
            "id": "20291",
            "trust": 1.8
          },
          {
            "db": "OSVDB",
            "id": "20292",
            "trust": 1.8
          },
          {
            "db": "NVD",
            "id": "CVE-2005-3304",
            "trust": 1.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200510-194",
            "trust": 0.7
          },
          {
            "db": "XF",
            "id": "22851",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20051023 PHPNUKE 7.8 WITH ALL SECURITY FIXES/PATCHES \"YOUR_ACCOUNT\",",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "32747",
            "trust": 0.2
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-86021",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-14513",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2005-3304",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "40880",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-14513"
          },
          {
            "db": "VULMON",
            "id": "CVE-2005-3304"
          },
          {
            "db": "BID",
            "id": "15178"
          },
          {
            "db": "PACKETSTORM",
            "id": "40880"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-3304"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200510-194"
          }
        ]
      },
      "id": "VAR-200510-0068",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-14513"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T13:45:24.713000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2005-3304"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.9,
            "url": "http://rgod.altervista.org/phpnuke78sql.html"
          },
          {
            "trust": 1.9,
            "url": "http://secunia.com/advisories/17315/"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/15178"
          },
          {
            "trust": 1.8,
            "url": "http://www.osvdb.org/20291"
          },
          {
            "trust": 1.8,
            "url": "http://www.osvdb.org/20292"
          },
          {
            "trust": 1.8,
            "url": "http://www.osvdb.org/20293"
          },
          {
            "trust": 1.2,
            "url": "http://www.vupen.com/english/advisories/2005/2191"
          },
          {
            "trust": 1.2,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22851"
          },
          {
            "trust": 1.2,
            "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=113017049702436\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=113017049702436\u0026w=2"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/22851"
          },
          {
            "trust": 0.6,
            "url": "http://www.frsirt.com/english/advisories/2005/2191"
          },
          {
            "trust": 0.3,
            "url": "http://www.ncc.org.ve/php-nuke.php3?op=english"
          },
          {
            "trust": 0.3,
            "url": "http://www.irannuke.com/"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/414329"
          },
          {
            "trust": 0.1,
            "url": "http://marc.info/?l=bugtraq\u0026amp;m=113017049702436\u0026amp;w=2"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.exploit-db.com/exploits/32747/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/2385/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/about_secunia_advisories/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-14513"
          },
          {
            "db": "VULMON",
            "id": "CVE-2005-3304"
          },
          {
            "db": "BID",
            "id": "15178"
          },
          {
            "db": "PACKETSTORM",
            "id": "40880"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-3304"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200510-194"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-14513"
          },
          {
            "db": "VULMON",
            "id": "CVE-2005-3304"
          },
          {
            "db": "BID",
            "id": "15178"
          },
          {
            "db": "PACKETSTORM",
            "id": "40880"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-3304"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200510-194"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2005-10-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-14513"
          },
          {
            "date": "2005-10-26T00:00:00",
            "db": "VULMON",
            "id": "CVE-2005-3304"
          },
          {
            "date": "2005-10-24T00:00:00",
            "db": "BID",
            "id": "15178"
          },
          {
            "date": "2005-10-25T18:06:56",
            "db": "PACKETSTORM",
            "id": "40880"
          },
          {
            "date": "2005-10-26T01:02:00",
            "db": "NVD",
            "id": "CVE-2005-3304"
          },
          {
            "date": "2005-10-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200510-194"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-14513"
          },
          {
            "date": "2017-07-11T00:00:00",
            "db": "VULMON",
            "id": "CVE-2005-3304"
          },
          {
            "date": "2005-10-24T00:00:00",
            "db": "BID",
            "id": "15178"
          },
          {
            "date": "2017-07-11T01:33:09.080000",
            "db": "NVD",
            "id": "CVE-2005-3304"
          },
          {
            "date": "2005-10-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200510-194"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200510-194"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PHP-Nuke Multiple modules remote SQL Injection vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200510-194"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "sql injection",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "40880"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200510-194"
          }
        ],
        "trust": 0.7
      }
    }

    VAR-201001-0217

    Vulnerability from variot - Updated: 2023-12-18 13:44

    Cross-site scripting (XSS) vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201001-0217",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "vote for tt news",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "francisco cifuentes",
            "version": "1.0.1"
          },
          {
            "model": "typo3",
            "scope": null,
            "trust": 0.8,
            "vendor": "typo3 association",
            "version": null
          },
          {
            "model": "vote for tt news",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "francisco cifuentes",
            "version": "1.0.1"
          },
          {
            "model": "cifuentes vote for tt news",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "1.0.1"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "73714"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-004019"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-0335"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201001-164"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:a:francisco_cifuentes:vote_for_tt_news:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.0.1",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2010-0335"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unknown",
        "sources": [
          {
            "db": "BID",
            "id": "73714"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2010-0335",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2010-0335",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-42940",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2010-0335",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201001-164",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-42940",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2010-0335",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-42940"
          },
          {
            "db": "VULMON",
            "id": "CVE-2010-0335"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-004019"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-0335"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201001-164"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting (XSS) vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2010-0335"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-004019"
          },
          {
            "db": "BID",
            "id": "73714"
          },
          {
            "db": "VULHUB",
            "id": "VHN-42940"
          },
          {
            "db": "VULMON",
            "id": "CVE-2010-0335"
          }
        ],
        "trust": 2.07
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2010-0335",
            "trust": 2.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-004019",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201001-164",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "73714",
            "trust": 0.5
          },
          {
            "db": "VULHUB",
            "id": "VHN-42940",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2010-0335",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-42940"
          },
          {
            "db": "VULMON",
            "id": "CVE-2010-0335"
          },
          {
            "db": "BID",
            "id": "73714"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-004019"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-0335"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201001-164"
          }
        ]
      },
      "id": "VAR-201001-0217",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-42940"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T13:44:49.590000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "alpha background GIFBUILDER TYPO3 problem: Resolved!",
            "trust": 0.8,
            "url": "http://lists.typo3.org/pipermail/typo3-english/2009-august/063035.html"
          },
          {
            "title": "typo3-sa-2009-021",
            "trust": 0.8,
            "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-004019"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-42940"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-004019"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-0335"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.1,
            "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0335"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0335"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/79.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.securityfocus.com/bid/73714"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-42940"
          },
          {
            "db": "VULMON",
            "id": "CVE-2010-0335"
          },
          {
            "db": "BID",
            "id": "73714"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-004019"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-0335"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201001-164"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-42940"
          },
          {
            "db": "VULMON",
            "id": "CVE-2010-0335"
          },
          {
            "db": "BID",
            "id": "73714"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-004019"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-0335"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201001-164"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2010-01-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-42940"
          },
          {
            "date": "2010-01-15T00:00:00",
            "db": "VULMON",
            "id": "CVE-2010-0335"
          },
          {
            "date": "2010-01-15T00:00:00",
            "db": "BID",
            "id": "73714"
          },
          {
            "date": "2012-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2009-004019"
          },
          {
            "date": "2010-01-15T19:30:00.880000",
            "db": "NVD",
            "id": "CVE-2010-0335"
          },
          {
            "date": "2010-01-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201001-164"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-07-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-42940"
          },
          {
            "date": "2011-07-26T00:00:00",
            "db": "VULMON",
            "id": "CVE-2010-0335"
          },
          {
            "date": "2010-01-15T00:00:00",
            "db": "BID",
            "id": "73714"
          },
          {
            "date": "2012-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2009-004019"
          },
          {
            "date": "2011-07-26T04:00:00",
            "db": "NVD",
            "id": "CVE-2010-0335"
          },
          {
            "date": "2010-01-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201001-164"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201001-164"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting vulnerability in the vote_for_tt_news extension for TYPO3",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-004019"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201001-164"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200109-0004

    Vulnerability from variot - Updated: 2023-12-18 13:41

    admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and specifying the file to copy. PHPNuke's "admin.php" script does not properly authenticate users of its filemanager capabilities. PHP Nuke is a website creation/maintenance tool written in PHP3. PHP Nuke contains a vulnerability in 'admin.php' that may allow remote attackers to overwrite files with custom data on target webservers. This may allow an attacker to gain access to the host, cause a denial of service, or deface the target website. PostNuke, a derivative of PHP Nuke, is also vulnerable. PHP-Nuke is a website creation and management tool that can use many database systems as its backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200109-0004",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "php-nuke",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "5.2"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "php nuke",
            "version": null
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "francisco burzi",
            "version": "5.2"
          },
          {
            "model": "burzi php-nuke a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "5.2"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "5.2"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "5.1"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "5.0.1"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "5.0"
          },
          {
            "model": "burzi php-nuke a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "4.4.1"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "4.4"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "4.3"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "4.0"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "3.0"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "2.5"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "1.0"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#933955"
          },
          {
            "db": "BID",
            "id": "3361"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1032"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200109-125"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-1032"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "supergate\u203b supergate@twlc.net",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200109-125"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2001-1032",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": true,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-3837",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2001-1032",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#933955",
                "trust": 0.8,
                "value": "4.28"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200109-125",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-3837",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#933955"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3837"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1032"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200109-125"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and specifying the file to copy. PHPNuke\u0027s \"admin.php\" script does not properly authenticate users of its filemanager capabilities. PHP Nuke is a website creation/maintenance tool written in PHP3. \nPHP Nuke contains a vulnerability in \u0027admin.php\u0027 that may allow for remote attackers to overwrite files with custom data on target webservers. \nMay allow for an attacker to gain access to the host, cause denial of service or deface the target website. \nPostNuke, a derivative of PHP Nuke, is also vulnerable. PHP-Nuke is a website creation and management tool that can use many database software as the backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-1032"
          },
          {
            "db": "CERT/CC",
            "id": "VU#933955"
          },
          {
            "db": "BID",
            "id": "3361"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3837"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "3361",
            "trust": 2.8
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1032",
            "trust": 1.7
          },
          {
            "db": "CERT/CC",
            "id": "VU#933955",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200109-125",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20010924 TWLC ADVISORY: ALL VERSIONS OF PHP NUKE ARE VULNERABLE...",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "7170",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-3837",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#933955"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3837"
          },
          {
            "db": "BID",
            "id": "3361"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1032"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200109-125"
          }
        ]
      },
      "id": "VAR-200109-0004",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-3837"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T13:41:05.111000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-1032"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://www.securityfocus.com/bid/3361"
          },
          {
            "trust": 1.7,
            "url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0203.html"
          },
          {
            "trust": 1.7,
            "url": "http://sourceforge.net/forum/forum.php?forum_id=113892"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7170"
          },
          {
            "trust": 0.8,
            "url": "http://www.securiteam.com/unixfocus/5fp0l1f5fs.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.twlc.net/article.php?sid=421"
          },
          {
            "trust": 0.8,
            "url": "http://sourceforge.net/tracker/?group_id=7511"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/static/7170.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.ncc.org.ve/php-nuke.php3?op=english"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#933955"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3837"
          },
          {
            "db": "BID",
            "id": "3361"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1032"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200109-125"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#933955"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3837"
          },
          {
            "db": "BID",
            "id": "3361"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1032"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200109-125"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2002-09-24T00:00:00",
            "db": "CERT/CC",
            "id": "VU#933955"
          },
          {
            "date": "2001-09-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3837"
          },
          {
            "date": "2001-09-24T00:00:00",
            "db": "BID",
            "id": "3361"
          },
          {
            "date": "2001-09-24T04:00:00",
            "db": "NVD",
            "id": "CVE-2001-1032"
          },
          {
            "date": "2001-09-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200109-125"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2002-09-24T00:00:00",
            "db": "CERT/CC",
            "id": "VU#933955"
          },
          {
            "date": "2017-10-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3837"
          },
          {
            "date": "2001-09-24T00:00:00",
            "db": "BID",
            "id": "3361"
          },
          {
            "date": "2017-10-10T01:29:58.470000",
            "db": "NVD",
            "id": "CVE-2001-1032"
          },
          {
            "date": "2012-11-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200109-125"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200109-125"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PHPNuke \u0027admin.php\u0027 script does not adequately authenticate users, thereby allowing malicious user to copy, move, or upload files",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#933955"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200109-125"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200111-0015

    Vulnerability from variot - Updated: 2023-12-18 13:41

    PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it. PHP-Nuke is a popular web-based portal system. It allows users to create accounts and contribute content to the site. When a user authenticates to a PHP-Nuke based page, a cookie is created which includes that user's account name and password. This password is encoded using Base 64 encoding, and can be immediately decoded by anyone with access to the cookie's contents. Thus, an attacker able to gain access to this cookie may trivially learn the user's account name and password, and compromise that account. Older versions of PHP-Nuke may also be vulnerable. PostNuke 0.6.4 (and possibly earlier versions) is also vulnerable. PHP Nuke uses a global variable named '$user'. It is normally retrieved from a cookie, but can be supplied in a URL. This value contains uuencoded values for the user information and the user's password hash. These values are decoded on the server and used in various SQL queries during the execution of PHP Nuke scripts. Several variables used in this query contain user-supplied input. These values may be injected into a uuencoded $user variable passed in a URL. Attackers may modify the query so that its logic forces retrieval of sensitive information associated with arbitrary users. This could be accomplished if the attacker has a valid username. If exploited, the attacker will have gained the encrypted password and user information of the target user. The password could then be brute-forced, allowing further compromises of security on the affected host, including arbitrary file access and remote command execution as the webserver process. There is a security issue in this CGI program, which may lead to the disclosure of sensitive information.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200111-0015",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "5.2"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "5.1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "5.3.1"
          },
          {
            "model": "postnuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postnuke",
            "version": "0.64"
          },
          {
            "model": "development team postnuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "postnuke",
            "version": "0.64"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "5.3.1"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "5.2"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "5.1"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "4.4"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "4.3"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "4.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "3567"
          },
          {
            "db": "BID",
            "id": "2431"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0911"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200111-026"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.64:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0911"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Posted by Cabezon Aur\u00e9lien \u003caurelien.cabezon@iSecureLabs.com\u003e to the BugTraq mailing list on November 22, 2001.",
        "sources": [
          {
            "db": "BID",
            "id": "3567"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2001-0911",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": true,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-3718",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2001-0911",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200111-026",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-3718",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-3718"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0911"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200111-026"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it. PHP-Nuke is a popular web based Portal system.  It allows users to create accounts and contribute content to the site. \nWhen a user authenticates to a PHP-Nuke based page, a cookie is created which includes that user\u0027s account name and password.  This password is encoded using Base 64 encoding, and can be immediately decoded by anyone with access to the cookie\u0027s contents.  Thus, an attacker able to gain access to this cookie may trivially learn the user\u0027s account name and password, and compromise that account. \nOlder versions of PHP-Nuke may also be vulnerable.  PostNuke 0.6.4 (and possibly earlier versions) is also vulnerable. PHP Nuke uses a global variable named \u0027$user\u0027.  It is normally retrieved from a cookie, but can be supplied in a URL.  This value contains uuencoded values for the user information and the user\u0027s password hash. \nThese values are decoded on the server and used in various SQL queries during the execution of PHP Nuke scripts. \nSeveral variables used in this query contain user-supplied input.  These values may be injected into a uuencoded $user variable passed in a URL. \nAttackers may modify the query so that its logic forces retrieval of sensitive information associated with arbitrary users.  This could be accomplished if the attacker has a valid username. \nIf exploited, the attacker will have gained the encrypted password and user information of the target user. \nThe password could then be brute-forced, allowing further compromises of security on the affected host, including arbitrary file access and remote command execution as the webserver process. There is a security issue in this CGI program, which may lead to the disclosure of sensitive information",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0911"
          },
          {
            "db": "BID",
            "id": "3567"
          },
          {
            "db": "BID",
            "id": "2431"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3718"
          }
        ],
        "trust": 1.53
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2001-0911",
            "trust": 2.3
          },
          {
            "db": "BID",
            "id": "3567",
            "trust": 2.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200111-026",
            "trust": 0.7
          },
          {
            "db": "XF",
            "id": "7596",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20011121 PHPNUKE ADMIN PASSWORD CAN BE STOLEN !",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "2431",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-3718",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-3718"
          },
          {
            "db": "BID",
            "id": "3567"
          },
          {
            "db": "BID",
            "id": "2431"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0911"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200111-026"
          }
        ]
      },
      "id": "VAR-200111-0015",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-3718"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T13:41:04.916000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-0911"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/3567"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7596"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=100638850219503\u0026w=2"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/static/7596.php"
          },
          {
            "trust": 0.6,
            "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=100638850219503\u0026w=2"
          },
          {
            "trust": 0.3,
            "url": "http://www.postnuke.com"
          },
          {
            "trust": 0.1,
            "url": "http://marc.info/?l=bugtraq\u0026amp;m=100638850219503\u0026amp;w=2"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-3718"
          },
          {
            "db": "BID",
            "id": "3567"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0911"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200111-026"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-3718"
          },
          {
            "db": "BID",
            "id": "3567"
          },
          {
            "db": "BID",
            "id": "2431"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-0911"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200111-026"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2001-11-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3718"
          },
          {
            "date": "2001-11-22T00:00:00",
            "db": "BID",
            "id": "3567"
          },
          {
            "date": "2001-02-23T00:00:00",
            "db": "BID",
            "id": "2431"
          },
          {
            "date": "2001-11-21T05:00:00",
            "db": "NVD",
            "id": "CVE-2001-0911"
          },
          {
            "date": "2001-11-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200111-026"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-12-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3718"
          },
          {
            "date": "2009-07-11T09:06:00",
            "db": "BID",
            "id": "3567"
          },
          {
            "date": "2009-07-11T04:46:00",
            "db": "BID",
            "id": "2431"
          },
          {
            "date": "2017-12-19T02:29:28.363000",
            "db": "NVD",
            "id": "CVE-2001-0911"
          },
          {
            "date": "2006-09-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200111-026"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "3567"
          },
          {
            "db": "BID",
            "id": "2431"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PHP-Nuke Cookie Fragile encryption mechanism vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200111-026"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200111-026"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200211-0013

    Vulnerability from variot - Updated: 2023-12-18 13:41

    SQL injection vulnerability in PHP-Nuke before 6.0 allows remote authenticated users to modify the database and gain privileges via the "bio" argument to modules.php. A SQL injection vulnerability has been reported for PHP-Nuke 5.6. The vulnerability is due to insufficient sanitization of variables used to construct SQL queries in some scripts. It is possible to modify the logic of SQL queries through malformed query strings in requests for the vulnerable script. By injecting SQL code into variables, it may be possible for an attacker to corrupt database information. PHP-Nuke is a website creation and management tool that can use many database systems as the backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. An attacker can bypass the reference by inserting \'\'\'\' in the "bio" field, resulting in SQL injection. The following operations can modify the password of any PHP-NUKE user to "1"


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200211-0013",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "5.6"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "5.6"
          },
          {
            "model": "burzi php-nuke",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "6088"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-1242"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200211-025"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2002-1242"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "kill9 kill9@hackers.com",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200211-025"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2002-1242",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": true,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-5627",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2002-1242",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200211-025",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-5627",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-5627"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-1242"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200211-025"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection vulnerability in PHP-Nuke before 6.0 allows remote authenticated users to modify the database and gain privileges via the \"bio\" argument to modules.php. A SQL injection vulnerability has been reported for PHP-Nuke 5.6. \nThe vulnerability is due to insufficient sanitization of variables used to construct SQL queries in some scripts. It is possible to modify the logic of SQL queries through malformed query strings in requests for the vulnerable script. \nBy injecting SQL code into variables, it may be possible for an attacker to corrupt database information. PHP-Nuke is a website creation and management tool that can use many database software as the backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. An attacker can bypass the reference by inserting \\\u0027\\\u0027\\\\\u0027\\\u0027 in the \\\"bio\\\" field, resulting in SQL injection. The following operations can modify the password of any PHP-NUKE user to \\\"1\\\" ",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2002-1242"
          },
          {
            "db": "BID",
            "id": "6088"
          },
          {
            "db": "VULHUB",
            "id": "VHN-5627"
          }
        ],
        "trust": 1.26
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-5627",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-5627"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "6088",
            "trust": 2.0
          },
          {
            "db": "NVD",
            "id": "CVE-2002-1242",
            "trust": 2.0
          },
          {
            "db": "OSVDB",
            "id": "6244",
            "trust": 1.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200211-025",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20021101 IDEFENSE SECURITY ADVISORY 10.31.02C: PHP-NUKE SQL INJECTION VULNERABILITY",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "10516",
            "trust": 0.6
          },
          {
            "db": "VULNWATCH",
            "id": "20021101 IDEFENSE SECURITY ADVISORY 10.31.02C: PHP-NUKE SQL INJECTION VULNERABILITY",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "21977",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-5627",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-5627"
          },
          {
            "db": "BID",
            "id": "6088"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-1242"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200211-025"
          }
        ]
      },
      "id": "VAR-200211-0013",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-5627"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T13:41:03.749000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2002-1242"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/6088"
          },
          {
            "trust": 1.7,
            "url": "http://www.idefense.com/advisory/10.31.02c.txt"
          },
          {
            "trust": 1.7,
            "url": "http://www.osvdb.org/6244"
          },
          {
            "trust": 1.7,
            "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0051.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.iss.net/security_center/static/10516.php"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=103616324103171\u0026w=2"
          },
          {
            "trust": 0.6,
            "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=103616324103171\u0026w=2"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/298193"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-5627"
          },
          {
            "db": "BID",
            "id": "6088"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-1242"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200211-025"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-5627"
          },
          {
            "db": "BID",
            "id": "6088"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-1242"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200211-025"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2002-11-12T00:00:00",
            "db": "VULHUB",
            "id": "VHN-5627"
          },
          {
            "date": "2002-11-01T00:00:00",
            "db": "BID",
            "id": "6088"
          },
          {
            "date": "2002-11-12T05:00:00",
            "db": "NVD",
            "id": "CVE-2002-1242"
          },
          {
            "date": "2002-10-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200211-025"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-10-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-5627"
          },
          {
            "date": "2009-07-11T18:06:00",
            "db": "BID",
            "id": "6088"
          },
          {
            "date": "2016-10-18T02:25:09.823000",
            "db": "NVD",
            "id": "CVE-2002-1242"
          },
          {
            "date": "2012-11-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200211-025"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200211-025"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PHP-Nuke SQL Insert modify any user information vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200211-025"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200211-025"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200208-0193

    Vulnerability from variot - Updated: 2023-12-18 13:35

    index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname. PHP-Nuke is a popular web-based Portal system. It allows users to create accounts and contribute content to the site. A vulnerability has been reported in some versions of PHP-Nuke. Reportedly, a maliciously constructed HTTP request will cause the index.php script to return an error message which includes the full path of the script. It has been suggested that this is the result of an insecure server configuration. PHP-Nuke can run under Unix and Linux operating systems, and can also run under Microsoft Windows operating systems. PHP-Nuke may leak absolute paths due to problems in handling some malformed web requests. Attackers can use this information to carry out further attacks on the target system.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200208-0193",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "5.0"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "5.2"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "5.1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "5.0.1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "5.3.1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "5.2a"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "5.4"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "5.4"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "5.3.1"
          },
          {
            "model": "burzi php-nuke a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "5.2"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "5.2"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "5.1"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "5.0.1"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "5.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "4333"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-0483"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200208-235"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.2a:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2002-0483"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "godminus\u203b godminus@owns.com",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200208-235"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2002-0483",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-4876",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2002-0483",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200208-235",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-4876",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-4876"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-0483"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200208-235"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname. PHP-Nuke is a popular web based Portal system. It allows users to create accounts and contribute content to the site. \nA vulnerability has been reported in some versions of PHP-Nuke. Reportedly, a maliciously constructed HTTP request will cause the index.php script to return an error message which includes the full path of the script. \nIt has been suggested that this is the result of an insecure server configuration. It can run under Unix and Linux operating systems, and can also run under Microsoft Windows operating systems. PHP-Nuke may leak absolute paths due to problems in handling some wrong WEB requests. Attackers can use this information to carry out further attacks on the target system",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2002-0483"
          },
          {
            "db": "BID",
            "id": "4333"
          },
          {
            "db": "VULHUB",
            "id": "VHN-4876"
          }
        ],
        "trust": 1.26
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-4876",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-4876"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "4333",
            "trust": 2.0
          },
          {
            "db": "NVD",
            "id": "CVE-2002-0483",
            "trust": 2.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200208-235",
            "trust": 0.7
          },
          {
            "db": "XF",
            "id": "8618",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20020320 FW: PHPNUKE 5.4 PATH DISCLOSURE VULNERABILITY?",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "21349",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-75176",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-4876",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-4876"
          },
          {
            "db": "BID",
            "id": "4333"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-0483"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200208-235"
          }
        ]
      },
      "id": "VAR-200208-0193",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-4876"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T13:35:53.240000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2002-0483"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/4333"
          },
          {
            "trust": 1.7,
            "url": "http://online.securityfocus.com/archive/1/263337"
          },
          {
            "trust": 1.7,
            "url": "http://www.iss.net/security_center/static/8618.php"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-4876"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-0483"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200208-235"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-4876"
          },
          {
            "db": "BID",
            "id": "4333"
          },
          {
            "db": "NVD",
            "id": "CVE-2002-0483"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200208-235"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2002-08-12T00:00:00",
            "db": "VULHUB",
            "id": "VHN-4876"
          },
          {
            "date": "2002-03-21T00:00:00",
            "db": "BID",
            "id": "4333"
          },
          {
            "date": "2002-08-12T04:00:00",
            "db": "NVD",
            "id": "CVE-2002-0483"
          },
          {
            "date": "2002-03-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200208-235"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2008-09-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-4876"
          },
          {
            "date": "2009-07-11T11:56:00",
            "db": "BID",
            "id": "4333"
          },
          {
            "date": "2008-09-05T20:28:08.650000",
            "db": "NVD",
            "id": "CVE-2002-0483"
          },
          {
            "date": "2005-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200208-235"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200208-235"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PHP-Nuke Error message WEBROOT Path information disclosure vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200208-235"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Configuration Error",
        "sources": [
          {
            "db": "BID",
            "id": "4333"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200208-235"
          }
        ],
        "trust": 0.9
      }
    }

    VAR-200312-0469

    Vulnerability from variot - Updated: 2023-12-18 13:35

    The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message. The Web_Links module for PHP-Nuke has been reported to be prone to a vulnerability which, when exploited, may disclose sensitive path information to a remote attacker. An attacker may use the information gathered in this manner to mount further attacks against the host. It should be noted that although PHP-Nuke version 6.x has been reported vulnerable, other versions might also be affected. There is a vulnerability in the Web_Links module of PHP-Nuke versions 6.0 to 6.5 Ultimate.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200312-0469",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_final"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_rc1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.0"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_beta1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_rc3"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_rc2"
          },
          {
            "model": "burzi php-nuke rc3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke final",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.51"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "7589"
          },
          {
            "db": "NVD",
            "id": "CVE-2003-1468"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200312-377"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_beta1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_final:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2003-1468"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovery of this vulnerability has been credited to Rynho Zeros Web \u003chackargentino@gmx.net\u003e.",
        "sources": [
          {
            "db": "BID",
            "id": "7589"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200312-377"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2003-1468",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-8293",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2003-1468",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200312-377",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-8293",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-8293"
          },
          {
            "db": "NVD",
            "id": "CVE-2003-1468"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200312-377"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message. The Web_Links module for PHP-Nuke has been reported prone to a vulnerability which, when exploited, may disclose sensitive path information to a remote attacker. \nAn attacker may use the information gathered in this manner to mount further attacks against the host. \nIt should be noted that although PHP-Nuke version 6.x has been reported vulnerable, other versions might also be affected. There is a vulnerability in the Web_Links module of PHP-Nuke versions 6.0 to 6.5 Ultimate",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2003-1468"
          },
          {
            "db": "BID",
            "id": "7589"
          },
          {
            "db": "VULHUB",
            "id": "VHN-8293"
          }
        ],
        "trust": 1.26
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-8293",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-8293"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "7589",
            "trust": 2.0
          },
          {
            "db": "NVD",
            "id": "CVE-2003-1468",
            "trust": 1.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200312-377",
            "trust": 0.7
          },
          {
            "db": "XF",
            "id": "12436",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20030512 RE: LOT OF SQL INJECTION ON PHP-NUKE 6.5 (SECURE WEBLOG!)",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "22598",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-76397",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-8293",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-8293"
          },
          {
            "db": "BID",
            "id": "7589"
          },
          {
            "db": "NVD",
            "id": "CVE-2003-1468"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200312-377"
          }
        ]
      },
      "id": "VAR-200312-0469",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-8293"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T13:35:47.084000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-8293"
          },
          {
            "db": "NVD",
            "id": "CVE-2003-1468"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/7589"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/archive/1/321313"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12436"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/12436"
          },
          {
            "trust": 0.3,
            "url": "http://www.irannuke.com/"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/321313"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-8293"
          },
          {
            "db": "BID",
            "id": "7589"
          },
          {
            "db": "NVD",
            "id": "CVE-2003-1468"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200312-377"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-8293"
          },
          {
            "db": "BID",
            "id": "7589"
          },
          {
            "db": "NVD",
            "id": "CVE-2003-1468"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200312-377"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2003-12-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-8293"
          },
          {
            "date": "2003-05-13T00:00:00",
            "db": "BID",
            "id": "7589"
          },
          {
            "date": "2003-12-31T05:00:00",
            "db": "NVD",
            "id": "CVE-2003-1468"
          },
          {
            "date": "2003-12-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200312-377"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-29T00:00:00",
            "db": "VULHUB",
            "id": "VHN-8293"
          },
          {
            "date": "2003-05-13T00:00:00",
            "db": "BID",
            "id": "7589"
          },
          {
            "date": "2017-07-29T01:29:13.263000",
            "db": "NVD",
            "id": "CVE-2003-1468"
          },
          {
            "date": "2003-12-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200312-377"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200312-377"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PHP-Nuke Web_Links Module path leak vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200312-377"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200312-377"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200502-0081

    Vulnerability from variot - Updated: 2023-12-18 13:35

    Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.5 allow remote attackers to inject arbitrary HTML or web script via (1) the newdownloadshowdays parameter in a NewDownloads operation or (2) the newlinkshowdays parameter in a NewLinks operation. It is reported that PHP-Nuke is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. They could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If a user follows this link, the hostile code may be rendered in that user's web browser. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials. PHP-Nuke is a widely popular website creation and management tool. Although this summary names version 7.5, the affected-products and CPE data in the record below list versions from 6.0 to 7.6 and contain no 7.5 entry, so version matching should be done against the record data rather than the summary alone.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200502-0081",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.0"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.7"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_beta1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_rc3"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_rc2"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "7.0"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_final"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_rc1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.9"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "7.3"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "6.6"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "7.0_final"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "7.2"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "7.6"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "7.1"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.6"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.3"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.2"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.1"
          },
          {
            "model": "burzi php-nuke final",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.0"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.0"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.9"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.7"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.6"
          },
          {
            "model": "burzi php-nuke rc3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke final",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.51"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "12561"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-0434"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200502-058"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_beta1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_final:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.0_final:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2005-0434"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovery of these vulnerabilities is credited to Janek Vind \u0027waraxe\u0027.",
        "sources": [
          {
            "db": "BID",
            "id": "12561"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200502-058"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2005-0434",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-11643",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2005-0434",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200502-058",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-11643",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-11643"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-0434"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200502-058"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 allow remote attackers to inject arbitrary HTML or web script via (1) the newdownloadshowdays parameter in a NewDownloads operation or (2) the newlinkshowdays parameter in a NewLinks operation. It is reported that PHP-Nuke is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. \nThese issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials. PHP-Nuke is a widely popular website creation and management tool",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2005-0434"
          },
          {
            "db": "BID",
            "id": "12561"
          },
          {
            "db": "VULHUB",
            "id": "VHN-11643"
          }
        ],
        "trust": 1.26
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "12561",
            "trust": 2.0
          },
          {
            "db": "NVD",
            "id": "CVE-2005-0434",
            "trust": 1.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200502-058",
            "trust": 0.7
          },
          {
            "db": "XF",
            "id": "19346",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-11643",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-11643"
          },
          {
            "db": "BID",
            "id": "12561"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-0434"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200502-058"
          }
        ]
      },
      "id": "VAR-200502-0081",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-11643"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T13:35:44.587000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2005-0434"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/12561"
          },
          {
            "trust": 1.7,
            "url": "http://www.waraxe.us/advisory-40.html"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19346"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/19346"
          },
          {
            "trust": 0.3,
            "url": "http://www.irannuke.com/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-11643"
          },
          {
            "db": "BID",
            "id": "12561"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-0434"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200502-058"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-11643"
          },
          {
            "db": "BID",
            "id": "12561"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-0434"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200502-058"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2005-02-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-11643"
          },
          {
            "date": "2005-02-15T00:00:00",
            "db": "BID",
            "id": "12561"
          },
          {
            "date": "2005-02-15T05:00:00",
            "db": "NVD",
            "id": "CVE-2005-0434"
          },
          {
            "date": "2005-02-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200502-058"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-11643"
          },
          {
            "date": "2005-02-15T00:00:00",
            "db": "BID",
            "id": "12561"
          },
          {
            "date": "2017-07-11T01:32:17.517000",
            "db": "NVD",
            "id": "CVE-2005-0434"
          },
          {
            "date": "2005-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200502-058"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200502-058"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PHP-Nuke Multi-file parameter cross-site scripting vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200502-058"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200502-058"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200502-0080

    Vulnerability from variot - Updated: 2023-12-18 13:35

    Php-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or missing arguments to (1) db.php, (2) mainfile.php, (3) Downloads/index.php, or (4) Web_Links/index.php, which lists the path in a PHP error message. Separately, it is reported that PHP-Nuke is affected by various cross-site scripting vulnerabilities. The cross-site scripting issues are due to a failure of the application to properly sanitize user-supplied URI input. They could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials. PHP-Nuke is a widely popular website creation and management tool.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200502-0080",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.0"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.7"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.6"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_beta1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_rc3"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_rc2"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_final"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_rc1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.9"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "7.3"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "7.0_final"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "7.0"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "7.2"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "7.6"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "7.1"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.6"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.3"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.2"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.1"
          },
          {
            "model": "burzi php-nuke final",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.0"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.0"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.9"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.7"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.6"
          },
          {
            "model": "burzi php-nuke rc3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke final",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.51"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "12561"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-0433"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200502-060"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_beta1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_final:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.0_final:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2005-0433"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovery of these vulnerabilities is credited to Janek Vind \u0027waraxe\u0027",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200502-060"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2005-0433",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-11642",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULMON",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2005-0433",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2005-0433",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200502-060",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-11642",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2005-0433",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-11642"
          },
          {
            "db": "VULMON",
            "id": "CVE-2005-0433"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-0433"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200502-060"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Php-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or missing arguments to (1) db.php, (2) mainfile.php, (3) Downloads/index.php, or (4) Web_Links/index.php, which lists the path in a PHP error message. It is reported that PHP-Nuke is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. \nThese issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials. PHP-Nuke is a widely popular website creation and management tool",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2005-0433"
          },
          {
            "db": "BID",
            "id": "12561"
          },
          {
            "db": "VULHUB",
            "id": "VHN-11642"
          },
          {
            "db": "VULMON",
            "id": "CVE-2005-0433"
          }
        ],
        "trust": 1.35
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "12561",
            "trust": 2.1
          },
          {
            "db": "NVD",
            "id": "CVE-2005-0433",
            "trust": 1.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200502-060",
            "trust": 0.7
          },
          {
            "db": "XF",
            "id": "19344",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-11642",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2005-0433",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-11642"
          },
          {
            "db": "VULMON",
            "id": "CVE-2005-0433"
          },
          {
            "db": "BID",
            "id": "12561"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-0433"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200502-060"
          }
        ]
      },
      "id": "VAR-200502-0080",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-11642"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T13:35:44.549000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2005-0433"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/12561"
          },
          {
            "trust": 1.8,
            "url": "http://www.waraxe.us/advisory-40.html"
          },
          {
            "trust": 1.2,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19344"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/19344"
          },
          {
            "trust": 0.3,
            "url": "http://www.irannuke.com/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-11642"
          },
          {
            "db": "VULMON",
            "id": "CVE-2005-0433"
          },
          {
            "db": "BID",
            "id": "12561"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-0433"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200502-060"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-11642"
          },
          {
            "db": "VULMON",
            "id": "CVE-2005-0433"
          },
          {
            "db": "BID",
            "id": "12561"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-0433"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200502-060"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2005-02-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-11642"
          },
          {
            "date": "2005-02-15T00:00:00",
            "db": "VULMON",
            "id": "CVE-2005-0433"
          },
          {
            "date": "2005-02-15T00:00:00",
            "db": "BID",
            "id": "12561"
          },
          {
            "date": "2005-02-15T05:00:00",
            "db": "NVD",
            "id": "CVE-2005-0433"
          },
          {
            "date": "2005-02-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200502-060"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-11642"
          },
          {
            "date": "2017-07-11T00:00:00",
            "db": "VULMON",
            "id": "CVE-2005-0433"
          },
          {
            "date": "2005-02-15T00:00:00",
            "db": "BID",
            "id": "12561"
          },
          {
            "date": "2017-07-11T01:32:17.467000",
            "db": "NVD",
            "id": "CVE-2005-0433"
          },
          {
            "date": "2005-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200502-060"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200502-060"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PHP-Nuke Multiple file parameters Path information disclosure vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200502-060"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200502-060"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200403-0099

    Vulnerability from variot - Updated: 2023-12-18 13:31

    Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) search field. It has been reported that PHP-Nuke may be prone to multiple cross-site scripting vulnerabilities. These vulnerabilities occur because user-supplied data passed through the 'Your Name', 'nicname', 'fname', 'ratenum', and 'search' fields of the 'modules.php' script is insufficiently sanitized. Exploitation could allow for theft of cookie-based authentication credentials. Other attacks are also possible. PHP-Nuke 7.1.0 has been reported to be prone to these issues; however, it is possible that other versions are affected as well. These issues are undergoing further analysis. These issues will be separated into individual BIDs once analysis is complete.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200403-0099",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "7.1"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.1"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "9879"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-1817"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200403-057"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2004-1817"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovery is credited to Janek Vind \u003ccome2waraxe@yahoo.com\u003e.",
        "sources": [
          {
            "db": "BID",
            "id": "9879"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200403-057"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2004-1817",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-10246",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2004-1817",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200403-057",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-10246",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-10246"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-1817"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200403-057"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) search field. It has been reported that PHP-Nuke may be prone to multiple cross-site scripting vulnerabilities.  These vulnerabilities occur due to insufficient sanitization of user-supplied data via the \u0027Your Name\u0027, \u0027nicname\u0027, \u0027fname\u0027, \u0027ratenum\u0027, and \u0027search\u0027 fields of \u0027modules.php\u0027 script.  Exploitation could allow for theft of cookie-based authentication credentials. Other attacks are also possible. \nPHP-Nuke 7.1.0 has been reported to be prone to these issues, however, it is possible that other versions are affected as well.  These issues are undergoing further analysis.  These issues will be separated into individual BIDs once analysis is complete",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2004-1817"
          },
          {
            "db": "BID",
            "id": "9879"
          },
          {
            "db": "VULHUB",
            "id": "VHN-10246"
          }
        ],
        "trust": 1.26
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-10246",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-10246"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "9879",
            "trust": 2.0
          },
          {
            "db": "SECUNIA",
            "id": "11135",
            "trust": 1.7
          },
          {
            "db": "NVD",
            "id": "CVE-2004-1817",
            "trust": 1.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200403-057",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20040315 [WARAXE-2004-SA#005 - XSS IN PHP-NUKE 7.1.0 - PART 2]",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "15491",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "23814",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-77563",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-10246",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-10246"
          },
          {
            "db": "BID",
            "id": "9879"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-1817"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200403-057"
          }
        ]
      },
      "id": "VAR-200403-0099",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-10246"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T13:31:00.778000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2004-1817"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/9879"
          },
          {
            "trust": 1.7,
            "url": "http://secunia.com/advisories/11135"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15491"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=107937752811633\u0026w=2"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/15491"
          },
          {
            "trust": 0.6,
            "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=107937752811633\u0026w=2"
          },
          {
            "trust": 0.3,
            "url": "http://www.ncc.org.ve/php-nuke.php3?op=english"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/357497"
          },
          {
            "trust": 0.1,
            "url": "http://marc.info/?l=bugtraq\u0026amp;m=107937752811633\u0026amp;w=2"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-10246"
          },
          {
            "db": "BID",
            "id": "9879"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-1817"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200403-057"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-10246"
          },
          {
            "db": "BID",
            "id": "9879"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-1817"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200403-057"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2004-03-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-10246"
          },
          {
            "date": "2004-03-15T00:00:00",
            "db": "BID",
            "id": "9879"
          },
          {
            "date": "2004-03-15T05:00:00",
            "db": "NVD",
            "id": "CVE-2004-1817"
          },
          {
            "date": "2004-03-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200403-057"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-10246"
          },
          {
            "date": "2004-03-15T00:00:00",
            "db": "BID",
            "id": "9879"
          },
          {
            "date": "2017-07-11T01:31:22.403000",
            "db": "NVD",
            "id": "CVE-2004-1817"
          },
          {
            "date": "2005-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200403-057"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200403-057"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PHP-Nuke Modules.php Multiple Cross-Site Scripting Vulnerabilities",
        "sources": [
          {
            "db": "BID",
            "id": "9879"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200403-057"
          }
        ],
        "trust": 0.9
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200403-057"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200404-0097

    Vulnerability from variot - Updated: 2023-12-18 13:31

    SQL injection vulnerability in the bblogin function in functions.php in PHP-Nuke 6.x through 7.2 allows remote attackers to bypass authentication and gain access by injecting base64-encoded SQL code into the user parameter. Reportedly, PHP-Nuke is prone to multiple SQL injection vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input. As a result of these issues, an attacker could modify the logic and structure of database queries. Other attacks may also be possible, such as gaining access to sensitive information.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200404-0097",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.0"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.7"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.6"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_beta1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_rc3"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_rc2"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_final"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_rc1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.9"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "7.0_final"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "7.0"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "5.5"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "7.2"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "7.1"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.2"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.1"
          },
          {
            "model": "burzi php-nuke final",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.0"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.0"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.9"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.7"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.6"
          },
          {
            "model": "burzi php-nuke rc3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke final",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.51"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.0"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "5.5"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "10135"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-1929"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200404-022"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_beta1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_final:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.0_final:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2004-1929"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Disclosure of this issue is credited to Janek Vind \"waraxe\".",
        "sources": [
          {
            "db": "BID",
            "id": "10135"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200404-022"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2004-1929",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": true,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-10358",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2004-1929",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200404-022",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-10358",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-10358"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-1929"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200404-022"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection vulnerability in the bblogin function in functions.php in PHP-Nuke 6.x through 7.2 allows remote attackers to bypass authentication and gain access by injecting base64-encoded SQL code into the user parameter. Reportedly PHP-Nuke is prone to multiple SQL injection vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input.\nAs a result of these issues, an attacker could modify the logic and structure of database queries. Other attacks may also be possible, such as gaining access to sensitive information.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2004-1929"
          },
          {
            "db": "BID",
            "id": "10135"
          },
          {
            "db": "VULHUB",
            "id": "VHN-10358"
          }
        ],
        "trust": 1.26
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-10358",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-10358"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "10135",
            "trust": 2.0
          },
          {
            "db": "SECUNIA",
            "id": "11347",
            "trust": 1.7
          },
          {
            "db": "NVD",
            "id": "CVE-2004-1929",
            "trust": 1.7
          },
          {
            "db": "XF",
            "id": "15839",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20040412 [WARAXE-2004-SA#017 - USER-LEVEL AUTHENTICATION BYPASS IN PHPNUKE 6.X-7.2]",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200404-022",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "23998",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-77736",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-10358",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-10358"
          },
          {
            "db": "BID",
            "id": "10135"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-1929"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200404-022"
          }
        ]
      },
      "id": "VAR-200404-0097",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-10358"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T13:31:00.655000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2004-1929"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/10135"
          },
          {
            "trust": 1.7,
            "url": "http://secunia.com/advisories/11347"
          },
          {
            "trust": 1.6,
            "url": "http://www.waraxe.us/index.php?modname=sa\u0026id=17"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15839"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=108180111826852\u0026w=2"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/15839"
          },
          {
            "trust": 0.6,
            "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=108180111826852\u0026w=2"
          },
          {
            "trust": 0.3,
            "url": "http://www.zone.ee/waraxe/?modname=sa\u0026id=018"
          },
          {
            "trust": 0.3,
            "url": "http://www.zone.ee/waraxe/?modname=sa\u0026id=017"
          },
          {
            "trust": 0.1,
            "url": "http://marc.info/?l=bugtraq\u0026amp;m=108180111826852\u0026amp;w=2"
          },
          {
            "trust": 0.1,
            "url": "http://www.waraxe.us/index.php?modname=sa\u0026amp;id=17"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-10358"
          },
          {
            "db": "BID",
            "id": "10135"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-1929"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200404-022"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-10358"
          },
          {
            "db": "BID",
            "id": "10135"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-1929"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200404-022"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2004-04-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-10358"
          },
          {
            "date": "2004-04-13T00:00:00",
            "db": "BID",
            "id": "10135"
          },
          {
            "date": "2004-04-13T04:00:00",
            "db": "NVD",
            "id": "CVE-2004-1929"
          },
          {
            "date": "2004-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200404-022"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-10358"
          },
          {
            "date": "2004-04-13T00:00:00",
            "db": "BID",
            "id": "10135"
          },
          {
            "date": "2017-07-11T01:31:28.543000",
            "db": "NVD",
            "id": "CVE-2004-1929"
          },
          {
            "date": "2005-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200404-022"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200404-022"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PHP-Nuke Multiple SQL Injection vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200404-022"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200404-022"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200404-0098

    Vulnerability from variot - Updated: 2023-12-18 13:31

    Cross-site scripting (XSS) vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie. Reportedly PHP-Nuke is prone to a remote cross-site scripting vulnerability. This issue is due to a failure of the 'cookiedecode()' function to properly sanitize user-supplied cookie parameters. The issue could permit a remote attacker to create a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks. PHP-Nuke is a popular website creation and management tool that can use many database systems as a backend, such as MySQL, PostgreSQL, mSQL, Interbase, and Sybase. The cookiedecode() function in the mainfile.php script included in PHP-Nuke does not sufficiently filter user-submitted input. Because the function incorrectly filters the cookie parameters provided by the user, an attacker can build a malicious link and lure a user into visiting it, which can cause malicious code to be executed in the user's browser and allow the attacker to obtain sensitive information about the target user.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200404-0098",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.0"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.6"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_beta1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_rc3"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_rc2"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_final"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_rc1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "7.2"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "7.1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "6.7"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "7.0_final"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "7.0"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "6.9"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.2"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.1"
          },
          {
            "model": "burzi php-nuke final",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.0"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.0"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.9"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.7"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.6"
          },
          {
            "model": "burzi php-nuke rc3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke final",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.51"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "10128"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-1930"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200404-016"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_beta1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_final:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.0_final:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2004-1930"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Janek Vind\u203b come2waraxe@yahoo.com",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200404-016"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2004-1930",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-10359",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2004-1930",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200404-016",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-10359",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-10359"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-1930"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200404-016"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting (XSS) vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie. Reportedly PHP-Nuke is prone to a remote cross-site scripting vulnerability.  This issue is due to a failure of the \u0027cookiedecode()\u0027 function to properly sanitize user supplied cookie parameters. \nThese issues could permit a remote attacker to create a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks. PHP-Nuke is a popular website creation and management tool; it can use many database systems as a backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. The mainfile.php script cookiedecode() function included in PHP-Nuke lacks sufficient filtering for input submitted by users. The \u0027cookiedecode()\u0027 function incorrectly filters the cookie parameters provided by the user, and the attacker builds a malicious link to lure the user to visit, which can cause malicious code to be executed on the user\u0027s browser, allowing the attacker to obtain the sensitive information of the target user.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2004-1930"
          },
          {
            "db": "BID",
            "id": "10128"
          },
          {
            "db": "VULHUB",
            "id": "VHN-10359"
          }
        ],
        "trust": 1.26
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-10359",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-10359"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "10128",
            "trust": 2.0
          },
          {
            "db": "SECUNIA",
            "id": "11347",
            "trust": 1.7
          },
          {
            "db": "NVD",
            "id": "CVE-2004-1930",
            "trust": 1.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200404-016",
            "trust": 0.7
          },
          {
            "db": "XF",
            "id": "15842",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20040412 [WARAXE-2004-SA#016 - CROSS-SITE SCRIPTING AKA XSS IN PHPNUKE 6.X-7.2 PART 3]",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "23990",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-77729",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-10359",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-10359"
          },
          {
            "db": "BID",
            "id": "10128"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-1930"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200404-016"
          }
        ]
      },
      "id": "VAR-200404-0098",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-10359"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T13:31:00.632000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2004-1930"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/10128"
          },
          {
            "trust": 1.7,
            "url": "http://secunia.com/advisories/11347"
          },
          {
            "trust": 1.6,
            "url": "http://www.waraxe.us/index.php?modname=sa\u0026id=16"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15842"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=108182759214035\u0026w=2"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/15842"
          },
          {
            "trust": 0.6,
            "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=108182759214035\u0026w=2"
          },
          {
            "trust": 0.3,
            "url": "http://www.zone.ee/waraxe/?modname=sa\u0026id=016"
          },
          {
            "trust": 0.3,
            "url": "http://www.irannuke.com/"
          },
          {
            "trust": 0.1,
            "url": "http://marc.info/?l=bugtraq\u0026amp;m=108182759214035\u0026amp;w=2"
          },
          {
            "trust": 0.1,
            "url": "http://www.waraxe.us/index.php?modname=sa\u0026amp;id=16"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-10359"
          },
          {
            "db": "BID",
            "id": "10128"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-1930"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200404-016"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-10359"
          },
          {
            "db": "BID",
            "id": "10128"
          },
          {
            "db": "NVD",
            "id": "CVE-2004-1930"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200404-016"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2004-04-12T00:00:00",
            "db": "VULHUB",
            "id": "VHN-10359"
          },
          {
            "date": "2004-04-13T00:00:00",
            "db": "BID",
            "id": "10128"
          },
          {
            "date": "2004-04-12T04:00:00",
            "db": "NVD",
            "id": "CVE-2004-1930"
          },
          {
            "date": "2004-04-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200404-016"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-10359"
          },
          {
            "date": "2004-04-13T00:00:00",
            "db": "BID",
            "id": "10128"
          },
          {
            "date": "2017-07-11T01:31:28.607000",
            "db": "NVD",
            "id": "CVE-2004-1930"
          },
          {
            "date": "2005-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200404-016"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200404-016"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PHP-Nuke CookieDecode Remote cross-site scripting vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200404-016"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200404-016"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200010-0125

    Vulnerability from variot - Updated: 2023-12-18 13:26

    admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke administrator password, which allows remote attackers to gain privileges by requesting a URL that does not specify the aid or pwd parameter. PHP-Nuke is a website creation/maintenance tool written in PHP3. It is possible to elevate privileges in this system from normal user to administrator due to a flaw in the authentication code. The problem occurs here:

        $aid = variable holding author name, pwd = author password
        $result=mysql_query("select pwd from authors where aid='$aid'");
        if(!$result) {
        echo "Selection from database failed!";
        exit;
        } else {
        list($pass)=mysql_fetch_row($result);
        if($pass == $pwd) {
        $admintest = 1;
        }
        }

    First off, the code checks that the query passed to mysql_query executed without error. There are no checks to see whether any rows are returned (whether any authors match $aid). Then, the password given is compared to the result of the above query. If no author matches, mysql_fetch_row returns FALSE, so $pass is left empty. This is where the problem occurs: under PHP's loose == comparison an empty value is equal to an empty string, so if an empty string is supplied as the password, the condition tested above (if($pass == $pwd)) is met and $admintest is set to 1 (TRUE). The user is then able to perform all administrative functions. The missing step is to reject the login when the query returns no row, before the passwords are compared.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200010-0125",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "1.0"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "2.5"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "2.5"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "1.0"
          },
          {
            "model": "burzi php-nuke",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "3.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "1592"
          },
          {
            "db": "NVD",
            "id": "CVE-2000-0745"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200010-111"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2000-0745"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered and posted to Bugtraq on Aug 21, 2000 by bruj0@securityportal.com.ar.  More information was provided by Starman_Jones in his post to Bugtraq on August 23, 2000.",
        "sources": [
          {
            "db": "BID",
            "id": "1592"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2000-0745",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": true,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-2322",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2000-0745",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200010-111",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-2322",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-2322"
          },
          {
            "db": "NVD",
            "id": "CVE-2000-0745"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200010-111"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke administrator password, which allows remote attackers to gain privileges by requesting a URL that does not specify the aid or pwd parameter. PHP-Nuke is a website creation/maintenance tool written in PHP3. It is possible to elevate privileges in this system from normal user to administrator due to a flaw in authentication code.  The problem occurs here:\n$aid = variable holding author name, pwd = author password\n$result=mysql_query(\"select pwd from authors where aid=\u0027$aid\u0027\");\nif(!$result) {\necho \"Selection from database failed!\";\nexit;\n} else {\nlist($pass)=mysql_fetch_row($result);\nif($pass == $pwd) {\n$admintest = 1;\n}\n}\nFirst off, the code checks to make sure the query passed to mysql_query is legal. There are no checks to see whether any rows are returned (whether any authors match $aid..). Then, the password given is compared to the result of the above query. If the author doesn\u0027t match, mysql_fetch_row returns FALSE. This is where the problem occurs. A NULL string is logically equal to FALSE and thus if an empty string is supplied as password, the condition tested for above (the if($pass == $pwd)) is met and admintest is set to 1 (TRUE). The user is then able to perform all administrative functions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2000-0745"
          },
          {
            "db": "BID",
            "id": "1592"
          },
          {
            "db": "VULHUB",
            "id": "VHN-2322"
          }
        ],
        "trust": 1.26
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-2322",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-2322"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "1592",
            "trust": 2.0
          },
          {
            "db": "OSVDB",
            "id": "1521",
            "trust": 1.7
          },
          {
            "db": "NVD",
            "id": "CVE-2000-0745",
            "trust": 1.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200010-111",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20000821 VULN. IN ALL SITES USING PHP-NUKE, VERSIONS LESS THAN 3",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-74047",
            "trust": 0.1
          },
          {
            "db": "EXPLOIT-DB",
            "id": "20158",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-2322",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-2322"
          },
          {
            "db": "BID",
            "id": "1592"
          },
          {
            "db": "NVD",
            "id": "CVE-2000-0745"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200010-111"
          }
        ]
      },
      "id": "VAR-200010-0125",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-2322"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T13:26:17Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2000-0745"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/1592"
          },
          {
            "trust": 1.7,
            "url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0243.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.osvdb.org/1521"
          },
          {
            "trust": 0.3,
            "url": "http://www.ncc.org.ve/php-nuke.php3?op=english"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-2322"
          },
          {
            "db": "BID",
            "id": "1592"
          },
          {
            "db": "NVD",
            "id": "CVE-2000-0745"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200010-111"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-2322"
          },
          {
            "db": "BID",
            "id": "1592"
          },
          {
            "db": "NVD",
            "id": "CVE-2000-0745"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200010-111"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2000-10-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-2322"
          },
          {
            "date": "2000-08-21T00:00:00",
            "db": "BID",
            "id": "1592"
          },
          {
            "date": "2000-10-20T04:00:00",
            "db": "NVD",
            "id": "CVE-2000-0745"
          },
          {
            "date": "2000-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200010-111"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2008-09-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-2322"
          },
          {
            "date": "2000-08-21T00:00:00",
            "db": "BID",
            "id": "1592"
          },
          {
            "date": "2008-09-05T20:21:47.060000",
            "db": "NVD",
            "id": "CVE-2000-0745"
          },
          {
            "date": "2005-08-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200010-111"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200010-111"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PHP-Nuke admin.php3 Privilege escalation vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200010-111"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "unknown",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200010-111"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200602-0205

    Vulnerability from variot - Updated: 2023-12-18 13:25

    Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 to 7.8 allows remote attackers to inject arbitrary web script or HTML via the pagetitle parameter. PHPNuke is prone to a cross-site scripting vulnerability. This issue affects the 'header.php' script. PHPNuke 7.8 and prior versions are reportedly vulnerable.

    TITLE: PHP-Nuke "pagetitle" Cross-Site Scripting Vulnerability

    SECUNIA ADVISORY ID: SA18820

    VERIFY ADVISORY: http://secunia.com/advisories/18820/

    CRITICAL: Less critical

    IMPACT: Cross Site Scripting

    WHERE:

    From remote

    SOFTWARE: PHP-Nuke 7.x http://secunia.com/product/2385/ PHP-Nuke 6.x http://secunia.com/product/329/

    DESCRIPTION: Janek Vind "waraxe" has discovered a vulnerability in PHP-Nuke, which can be exploited by malicious people to conduct cross-site scripting attacks.

    Input passed to the "pagetitle" parameter in "header.php" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

    Example: http://[host]/?pagetitle=title</title></head><script+src=http://[host]/script.js?

    The vulnerability has been confirmed in version 7.8.

    SOLUTION: Edit the source code to ensure that input is properly sanitised, i.e. that the "pagetitle" value is HTML-encoded before "header.php" returns it to the user.

    PROVIDED AND/OR DISCOVERED BY: Janek Vind "waraxe"

    ORIGINAL ADVISORY: http://www.waraxe.us/advisory-44.html


    About: This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.


    Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.





    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200602-0205",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.0"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.7"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.6"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_beta1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_rc3"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_rc2"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5_rc1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.5"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "7.1"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco burzi",
            "version": "6.9"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "7.3"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "7.8"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "7.9"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "7.2"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "7.0"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "6.5_final"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "7.6"
          },
          {
            "model": "php-nuke",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "francisco burzi",
            "version": "7.7"
          },
          {
            "model": "burzi php-nuke rc3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.0"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke final",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.0"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.1"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.2"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.0"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.7"
          },
          {
            "model": "burzi php-nuke beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.51"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.6"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.7"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.3"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.9"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.6"
          },
          {
            "model": "burzi php-nuke rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          },
          {
            "model": "burzi php-nuke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "7.8"
          },
          {
            "model": "burzi php-nuke final",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "6.5"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "16608"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-0676"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200602-164"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_beta1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_final:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-0676"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Janek Vind.",
        "sources": [
          {
            "db": "BID",
            "id": "16608"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200602-164"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2006-0676",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-16784",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2006-0676",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200602-164",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-16784",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-16784"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-0676"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200602-164"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 to 7.8 allows remote attackers to inject arbitrary web script or HTML via the pagetitle parameter. PHPNuke is prone to a cross-site scripting vulnerability. \nThis issue affects the \u0027header.php\u0027 script. \nPHPNuke 7.8 and prior versions are reportedly vulnerable. \n\nTITLE:\nPHP-Nuke \"pagetitle\" Cross-Site Scripting Vulnerability\n\nSECUNIA ADVISORY ID:\nSA18820\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/18820/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nCross Site Scripting\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nPHP-Nuke 7.x\nhttp://secunia.com/product/2385/\nPHP-Nuke 6.x\nhttp://secunia.com/product/329/\n\nDESCRIPTION:\nJanek Vind \"waraxe\" has discovered a vulnerability in PHP-Nuke, which\ncan be exploited by malicious people to conduct cross-site scripting\nattacks. \n\nInput passed to the \"pagetitle\" parameter in \"header.php\" isn\u0027t\nproperly sanitised before being returned to the user. This can be\nexploited to execute arbitrary HTML and script code in a user\u0027s\nbrowser session in context of an affected site. \n\nExample:\nhttp://[host]/?pagetitle=title\u003c/title\u003e\u003c/head\u003e\u003cscript+src=http://[host]/script.js?\n\nThe vulnerability has been confirmed in version 7.8. \n\nSOLUTION:\nEdit the source code to ensure that input is properly sanitised. \n\nPROVIDED AND/OR DISCOVERED BY:\nJanek Vind \"waraxe\"\n\nORIGINAL ADVISORY:\nhttp://www.waraxe.us/advisory-44.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-0676"
          },
          {
            "db": "BID",
            "id": "16608"
          },
          {
            "db": "VULHUB",
            "id": "VHN-16784"
          },
          {
            "db": "PACKETSTORM",
            "id": "43777"
          }
        ],
        "trust": 1.35
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "16608",
            "trust": 2.0
          },
          {
            "db": "SECUNIA",
            "id": "18820",
            "trust": 1.8
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-0542",
            "trust": 1.7
          },
          {
            "db": "NVD",
            "id": "CVE-2006-0676",
            "trust": 1.7
          },
          {
            "db": "SREASON",
            "id": "425",
            "trust": 1.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200602-164",
            "trust": 0.7
          },
          {
            "db": "XF",
            "id": "24650",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20060214 [WARAXE-2006-SA#044] - XSS IN PHPNUKE 7.8 AND OLDER VERSIONS",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-80825",
            "trust": 0.1
          },
          {
            "db": "EXPLOIT-DB",
            "id": "27208",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-16784",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "43777",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-16784"
          },
          {
            "db": "BID",
            "id": "16608"
          },
          {
            "db": "PACKETSTORM",
            "id": "43777"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-0676"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200602-164"
          }
        ]
      },
      "id": "VAR-200602-0205",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-16784"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T13:25:58.041000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-0676"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "http://www.waraxe.us/advisory-44.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/16608"
          },
          {
            "trust": 1.7,
            "url": "http://secunia.com/advisories/18820"
          },
          {
            "trust": 1.7,
            "url": "http://securityreason.com/securityalert/425"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/archive/1/424956/100/0/threaded"
          },
          {
            "trust": 1.1,
            "url": "http://www.vupen.com/english/advisories/2006/0542"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24650"
          },
          {
            "trust": 0.6,
            "url": "http://www.frsirt.com/english/advisories/2006/0542"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/24650"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/424956/100/0/threaded"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/441490"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/329/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/2385/"
          },
          {
            "trust": 0.1,
            "url": "http://[host]/?pagetitle=title\u003c/title\u003e\u003c/head\u003e\u003cscript+src=http://[host]/script.js?"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/18820/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/about_secunia_advisories/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-16784"
          },
          {
            "db": "BID",
            "id": "16608"
          },
          {
            "db": "PACKETSTORM",
            "id": "43777"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-0676"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200602-164"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-16784"
          },
          {
            "db": "BID",
            "id": "16608"
          },
          {
            "db": "PACKETSTORM",
            "id": "43777"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-0676"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200602-164"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-02-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-16784"
          },
          {
            "date": "2006-02-13T00:00:00",
            "db": "BID",
            "id": "16608"
          },
          {
            "date": "2006-02-13T19:29:16",
            "db": "PACKETSTORM",
            "id": "43777"
          },
          {
            "date": "2006-02-13T22:02:00",
            "db": "NVD",
            "id": "CVE-2006-0676"
          },
          {
            "date": "2006-02-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200602-164"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-16784"
          },
          {
            "date": "2006-12-13T17:08:00",
            "db": "BID",
            "id": "16608"
          },
          {
            "date": "2018-10-19T15:45:48.677000",
            "db": "NVD",
            "id": "CVE-2006-0676"
          },
          {
            "date": "2006-02-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200602-164"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200602-164"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PHPNuke Header.PHP Pagetitle Parametric Cross-Site Scripting Vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200602-164"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "xss",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "43777"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200602-164"
          }
        ],
        "trust": 0.7
      }
    }

    VAR-201001-0216

    Vulnerability from variot - Updated: 2023-12-18 13:25

    SQL injection vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vote For Tt News is prone to an SQL-injection vulnerability.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201001-0216",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "vote for tt news",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "francisco cifuentes",
            "version": "1.0.1"
          },
          {
            "model": "vote for tt news",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "francisco cifuentes",
            "version": "1.0.1"
          },
          {
            "model": "typo3",
            "scope": null,
            "trust": 0.8,
            "vendor": "typo3 association",
            "version": null
          },
          {
            "model": "cifuentes vote for tt news",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "francisco",
            "version": "1.0.1"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "73716"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-004018"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-0334"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201001-163"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:a:francisco_cifuentes:vote_for_tt_news:1.0.1:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2010-0334"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unknown",
        "sources": [
          {
            "db": "BID",
            "id": "73716"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2010-0334",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2010-0334",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-42939",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2010-0334",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201001-163",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-42939",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-42939"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-004018"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-0334"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201001-163"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vote For Tt News is prone to a sql-injection vulnerability",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2010-0334"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-004018"
          },
          {
            "db": "BID",
            "id": "73716"
          },
          {
            "db": "VULHUB",
            "id": "VHN-42939"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2010-0334",
            "trust": 2.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-004018",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201001-163",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "73716",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-42939",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-42939"
          },
          {
            "db": "BID",
            "id": "73716"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-004018"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-0334"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201001-163"
          }
        ]
      },
      "id": "VAR-201001-0216",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-42939"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T13:25:21.464000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "alpha background GIFBUILDER TYPO3 problem: Resolved!",
            "trust": 0.8,
            "url": "http://lists.typo3.org/pipermail/typo3-english/2009-august/063035.html"
          },
          {
            "title": "typo3-sa-2009-021",
            "trust": 0.8,
            "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-004018"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-42939"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-004018"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-0334"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0334"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0334"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-42939"
          },
          {
            "db": "BID",
            "id": "73716"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-004018"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-0334"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201001-163"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-42939"
          },
          {
            "db": "BID",
            "id": "73716"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-004018"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-0334"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201001-163"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2010-01-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-42939"
          },
          {
            "date": "2010-01-15T00:00:00",
            "db": "BID",
            "id": "73716"
          },
          {
            "date": "2012-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2009-004018"
          },
          {
            "date": "2010-01-15T19:30:00.847000",
            "db": "NVD",
            "id": "CVE-2010-0334"
          },
          {
            "date": "2010-01-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201001-163"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-07-25T00:00:00",
            "db": "VULHUB",
            "id": "VHN-42939"
          },
          {
            "date": "2010-01-15T00:00:00",
            "db": "BID",
            "id": "73716"
          },
          {
            "date": "2012-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2009-004018"
          },
          {
            "date": "2011-07-25T04:00:00",
            "db": "NVD",
            "id": "CVE-2010-0334"
          },
          {
            "date": "2010-01-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201001-163"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201001-163"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TYPO3 of  vote_for_tt_news Extended  Vote rank In  SQL Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-004018"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201001-163"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2024-29042 (GCVE-0-2024-29042)

    Vulnerability from nvd – Published: 2024-03-22 16:46 – Updated: 2024-08-02 01:03
    VLAI
    Title
    Translate Cache Poisoning Vulnerability
    Summary
    Translate is a package that allows users to convert text to different languages on Node.js and the browser. Prior to version 3.0.0, an attacker controlling the second variable of the `translate` function is able to perform a cache poisoning attack. They can change the outcome of translation requests made by subsequent users. The `opt.id` parameter allows the overwriting of the cache key. If an attacker sets the `id` variable to the cache key that would be generated by another user, they can choose the response that user gets served. Version 3.0.0 fixes this issue.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    franciscop translate Affected: < 3.0.0
    franciscop translate Affected: 0 , < 3.0.0 (custom)
        cpe:2.3:a:franciscop:translate:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:franciscop:translate:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "translate",
                "vendor": "franciscop",
                "versions": [
                  {
                    "lessThan": "3.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-29042",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-01T20:47:55.700604Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:50:38.165Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:03:51.704Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/franciscop/translate/security/advisories/GHSA-882j-4vj5-7vmj",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/franciscop/translate/security/advisories/GHSA-882j-4vj5-7vmj"
              },
              {
                "name": "https://github.com/franciscop/translate/commit/7a2bf8b9f05f7c45c09683973ef4d8e995804aa4",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/franciscop/translate/commit/7a2bf8b9f05f7c45c09683973ef4d8e995804aa4"
              },
              {
                "name": "https://github.com/franciscop/translate/commit/cc1ba03078102f83e0503a96f1a081489bb865d3",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/franciscop/translate/commit/cc1ba03078102f83e0503a96f1a081489bb865d3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "translate",
              "vendor": "franciscop",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 3.0.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Translate is a package that allows users to convert text to different languages on Node.js and the browser. Prior to version 3.0.0, an attacker controlling the second variable of the `translate` function is able to perform a cache poisoning attack. They can change the outcome of translation requests made by subsequent users. The `opt.id` parameter allows the overwriting of the cache key. If an attacker sets the `id` variable to the cache key that would be generated by another user, they can choose the response that user gets served. Version 3.0.0 fixes this issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-22T16:46:21.456Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/franciscop/translate/security/advisories/GHSA-882j-4vj5-7vmj",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/franciscop/translate/security/advisories/GHSA-882j-4vj5-7vmj"
            },
            {
              "name": "https://github.com/franciscop/translate/commit/7a2bf8b9f05f7c45c09683973ef4d8e995804aa4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/franciscop/translate/commit/7a2bf8b9f05f7c45c09683973ef4d8e995804aa4"
            },
            {
              "name": "https://github.com/franciscop/translate/commit/cc1ba03078102f83e0503a96f1a081489bb865d3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/franciscop/translate/commit/cc1ba03078102f83e0503a96f1a081489bb865d3"
            }
          ],
          "source": {
            "advisory": "GHSA-882j-4vj5-7vmj",
            "discovery": "UNKNOWN"
          },
          "title": "Translate Cache Poisoning Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-29042",
        "datePublished": "2024-03-22T16:46:21.456Z",
        "dateReserved": "2024-03-14T16:59:47.614Z",
        "dateUpdated": "2024-08-02T01:03:51.704Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-29042 (GCVE-0-2024-29042)

    Vulnerability from cvelistv5 – Published: 2024-03-22 16:46 – Updated: 2024-08-02 01:03
    VLAI
    Title
    Translate Cache Poisoning Vulnerability
    Summary
    Translate is a package that allows users to convert text to different languages on Node.js and the browser. Prior to version 3.0.0, an attacker controlling the second variable of the `translate` function is able to perform a cache poisoning attack. They can change the outcome of translation requests made by subsequent users. The `opt.id` parameter allows the overwriting of the cache key. If an attacker sets the `id` variable to the cache key that would be generated by another user, they can choose the response that user gets served. Version 3.0.0 fixes this issue.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    franciscop translate Affected: < 3.0.0
    franciscop translate Affected: 0 , < 3.0.0 (custom)
        cpe:2.3:a:franciscop:translate:*:*:*:*:*:*:*:*
    Create a notification for this product.

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:franciscop:translate:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "translate",
                "vendor": "franciscop",
                "versions": [
                  {
                    "lessThan": "3.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-29042",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-01T20:47:55.700604Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:50:38.165Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:03:51.704Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/franciscop/translate/security/advisories/GHSA-882j-4vj5-7vmj",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/franciscop/translate/security/advisories/GHSA-882j-4vj5-7vmj"
              },
              {
                "name": "https://github.com/franciscop/translate/commit/7a2bf8b9f05f7c45c09683973ef4d8e995804aa4",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/franciscop/translate/commit/7a2bf8b9f05f7c45c09683973ef4d8e995804aa4"
              },
              {
                "name": "https://github.com/franciscop/translate/commit/cc1ba03078102f83e0503a96f1a081489bb865d3",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/franciscop/translate/commit/cc1ba03078102f83e0503a96f1a081489bb865d3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "translate",
              "vendor": "franciscop",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 3.0.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Translate is a package that allows users to convert text to different languages on Node.js and the browser. Prior to version 3.0.0, an attacker controlling the second variable of the `translate` function is able to perform a cache poisoning attack. They can change the outcome of translation requests made by subsequent users. The `opt.id` parameter allows the overwriting of the cache key. If an attacker sets the `id` variable to the cache key that would be generated by another user, they can choose the response that user gets served. Version 3.0.0 fixes this issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-22T16:46:21.456Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/franciscop/translate/security/advisories/GHSA-882j-4vj5-7vmj",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/franciscop/translate/security/advisories/GHSA-882j-4vj5-7vmj"
            },
            {
              "name": "https://github.com/franciscop/translate/commit/7a2bf8b9f05f7c45c09683973ef4d8e995804aa4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/franciscop/translate/commit/7a2bf8b9f05f7c45c09683973ef4d8e995804aa4"
            },
            {
              "name": "https://github.com/franciscop/translate/commit/cc1ba03078102f83e0503a96f1a081489bb865d3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/franciscop/translate/commit/cc1ba03078102f83e0503a96f1a081489bb865d3"
            }
          ],
          "source": {
            "advisory": "GHSA-882j-4vj5-7vmj",
            "discovery": "UNKNOWN"
          },
          "title": "Translate Cache Poisoning Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-29042",
        "datePublished": "2024-03-22T16:46:21.456Z",
        "dateReserved": "2024-03-14T16:59:47.614Z",
        "dateUpdated": "2024-08-02T01:03:51.704Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }