Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
66 vulnerabilities by phpnuke
VAR-200412-1226
Vulnerability from variot - Updated: 2024-02-09 22:39Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php. It has been reported that PHP-Nuke is prone to a remote admin command execution vulnerability. This issue is due to a design error that allows an attacker to specify arbitrary URI values in bbCode tags contained within posts. This issue may be leveraged to force an admin user viewing a malicious post to perform some query to the affected application such as adding a user or removing arbitrary data from the database. PHP-Nuke is a popular website creation and management tool, it can use many database software as backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. There is a design error in PHP-Nuke's handling of the bbCode tag in POST, which can be exploited by remote attackers to execute remote management commands. PHP-Nuke uses bbCode tags to support images, HTML, etc., but the processing of any Image tags specified by users is incorrect, which can lead to the execution of arbitrary remote commands, such as attackers can submit malicious POST requests to add or delete users from the database
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200412-1226",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "php-nuke",
"scope": "gte",
"trust": 1.0,
"vendor": "phpnuke",
"version": "6.0"
},
{
"model": "php-nuke",
"scope": "lte",
"trust": 1.0,
"vendor": "phpnuke",
"version": "7.1"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.7"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.9"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "7.0"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.6"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.5_rc2"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.5_rc3"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.5_rc1"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "7.1"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.5_final"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "7.0_final"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "7.1"
},
{
"model": "burzi php-nuke final",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "7.0"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "7.0"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.9"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.7"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.6"
},
{
"model": "burzi php-nuke rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke final",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke beta",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.51"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.0"
}
],
"sources": [
{
"db": "BID",
"id": "9895"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-738"
},
{
"db": "NVD",
"id": "CVE-2004-1842"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1842"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Janek Vind\u203b come2waraxe@yahoo.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-738"
}
],
"trust": 0.6
},
"cve": "CVE-2004-1842",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-10271",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2004-1842",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-1842",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200412-738",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-10271",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2004-1842",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10271"
},
{
"db": "VULMON",
"id": "CVE-2004-1842"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-738"
},
{
"db": "NVD",
"id": "CVE-2004-1842"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php. It has been reported that PHP-Nuke is prone to a remote admin command execution vulnerability. This issue is due to a design error that allows an attacker to specify arbitrary URI values in bbCode tags contained within posts. \nThis issue may be leveraged to force an admin user viewing a malicious post to perform some query to the affected application such as adding a user or removing arbitrary data from the database. PHP-Nuke is a popular website creation and management tool, it can use many database software as backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. There is a design error in PHP-Nuke\u0027s handling of the bbCode tag in POST, which can be exploited by remote attackers to execute remote management commands. PHP-Nuke uses bbCode tags to support images, HTML, etc., but the processing of any Image tags specified by users is incorrect, which can lead to the execution of arbitrary remote commands, such as attackers can submit malicious POST requests to add or delete users from the database",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1842"
},
{
"db": "BID",
"id": "9895"
},
{
"db": "VULHUB",
"id": "VHN-10271"
},
{
"db": "VULMON",
"id": "CVE-2004-1842"
}
],
"trust": 1.35
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-10271",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=23835",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10271"
},
{
"db": "VULMON",
"id": "CVE-2004-1842"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "9895",
"trust": 2.1
},
{
"db": "SECUNIA",
"id": "11195",
"trust": 1.8
},
{
"db": "NVD",
"id": "CVE-2004-1842",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-200412-738",
"trust": 0.7
},
{
"db": "XF",
"id": "15596",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "6194",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20040322 [WARAXE-2004-SA#008 - EASY WAY TO GET SUPERADMIN RIGHTS IN PHPNUKE 6.X-7.1.0]",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "23835",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-77580",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-10271",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2004-1842",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10271"
},
{
"db": "VULMON",
"id": "CVE-2004-1842"
},
{
"db": "BID",
"id": "9895"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-738"
},
{
"db": "NVD",
"id": "CVE-2004-1842"
}
]
},
"id": "VAR-200412-1226",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-10271"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-09T22:39:13.083000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "",
"trust": 0.1,
"url": "https://github.com/faizhaffizudin/case-study-hamsa "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2004-1842"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1842"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/9895"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/11195"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15596"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=108006309112075\u0026w=2"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/15596"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=108006309112075\u0026w=2"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/6194"
},
{
"trust": 0.3,
"url": "http://www.irannuke.com/"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=108006309112075\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/23835/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10271"
},
{
"db": "VULMON",
"id": "CVE-2004-1842"
},
{
"db": "BID",
"id": "9895"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-738"
},
{
"db": "NVD",
"id": "CVE-2004-1842"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-10271"
},
{
"db": "VULMON",
"id": "CVE-2004-1842"
},
{
"db": "BID",
"id": "9895"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-738"
},
{
"db": "NVD",
"id": "CVE-2004-1842"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-10271"
},
{
"date": "2004-12-31T00:00:00",
"db": "VULMON",
"id": "CVE-2004-1842"
},
{
"date": "2004-03-16T00:00:00",
"db": "BID",
"id": "9895"
},
{
"date": "2004-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-738"
},
{
"date": "2004-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2004-1842"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-10271"
},
{
"date": "2017-07-11T00:00:00",
"db": "VULMON",
"id": "CVE-2004-1842"
},
{
"date": "2004-03-16T00:00:00",
"db": "BID",
"id": "9895"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-738"
},
{
"date": "2024-02-08T20:46:14.233000",
"db": "NVD",
"id": "CVE-2004-1842"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-738"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PHP-Nuke Image Tag management command execution vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-738"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-738"
}
],
"trust": 0.6
}
}
VAR-200505-1008
Vulnerability from variot - Updated: 2023-12-18 12:40PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message. PHP-Nuke is prone to a information disclosure vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200505-1008",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "php-nuke",
"scope": "gte",
"trust": 1.0,
"vendor": "phpnuke",
"version": "6.0"
},
{
"model": "php-nuke",
"scope": "lte",
"trust": 1.0,
"vendor": "phpnuke",
"version": "7.6"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.7"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.9"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "7.4"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.6"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.5_rc2"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.5_rc3"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.5_rc1"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.5_beta1"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "7.6"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 0.6,
"vendor": "francisco burzi",
"version": "6.5_final"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "7.6"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "7.5"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "7.4"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "7.3"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "7.2"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "7.1"
},
{
"model": "burzi php-nuke final",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "7.0"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "7.0"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.9"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.7"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.6"
},
{
"model": "burzi php-nuke rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke final",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.5"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "6.0"
}
],
"sources": [
{
"db": "BID",
"id": "90112"
},
{
"db": "NVD",
"id": "CVE-2005-1028"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-172"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.6",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1028"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "90112"
}
],
"trust": 0.3
},
"cve": "CVE-2005-1028",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-12237",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-1028",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200505-172",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-12237",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12237"
},
{
"db": "NVD",
"id": "CVE-2005-1028"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-172"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message. PHP-Nuke is prone to a information disclosure vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1028"
},
{
"db": "BID",
"id": "90112"
},
{
"db": "VULHUB",
"id": "VHN-12237"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-1028",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200505-172",
"trust": 0.7
},
{
"db": "BID",
"id": "90112",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-12237",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12237"
},
{
"db": "BID",
"id": "90112"
},
{
"db": "NVD",
"id": "CVE-2005-1028"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-172"
}
]
},
"id": "VAR-200505-1008",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-12237"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:40:23.269000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12237"
},
{
"db": "NVD",
"id": "CVE-2005-1028"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=111272010303144\u0026w=2"
},
{
"trust": 0.3,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=111272010303144\u0026w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=111272010303144\u0026amp;w=2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12237"
},
{
"db": "BID",
"id": "90112"
},
{
"db": "NVD",
"id": "CVE-2005-1028"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-172"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-12237"
},
{
"db": "BID",
"id": "90112"
},
{
"db": "NVD",
"id": "CVE-2005-1028"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-172"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-05-02T00:00:00",
"db": "VULHUB",
"id": "VHN-12237"
},
{
"date": "2005-05-02T00:00:00",
"db": "BID",
"id": "90112"
},
{
"date": "2005-05-02T04:00:00",
"db": "NVD",
"id": "CVE-2005-1028"
},
{
"date": "2005-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-172"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-16T00:00:00",
"db": "VULHUB",
"id": "VHN-12237"
},
{
"date": "2005-05-02T00:00:00",
"db": "BID",
"id": "90112"
},
{
"date": "2019-07-16T12:20:01.417000",
"db": "NVD",
"id": "CVE-2005-1028"
},
{
"date": "2019-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-172"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-172"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PHP-Nuke Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-172"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-172"
}
],
"trust": 0.6
}
}
CVE-2021-30177 (GCVE-0-2021-30177)
Vulnerability from cvelistv5 – Published: 2021-04-07 10:48 – Updated: 2024-08-03 22:24
VLAI
Summary
There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://gist.github.com/stacksmasher007/41e946fc9… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:24:59.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/stacksmasher007/41e946fc9a5a2f0b6950626cc9d43d47"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-07T10:48:16.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/stacksmasher007/41e946fc9a5a2f0b6950626cc9d43d47"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-30177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/stacksmasher007/41e946fc9a5a2f0b6950626cc9d43d47",
"refsource": "MISC",
"url": "https://gist.github.com/stacksmasher007/41e946fc9a5a2f0b6950626cc9d43d47"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-30177",
"datePublished": "2021-04-07T10:48:16.000Z",
"dateReserved": "2021-04-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:24:59.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3934 (GCVE-0-2014-3934)
Vulnerability from cvelistv5 – Published: 2014-06-02 14:00 – Updated: 2024-09-17 03:28
VLAI
Summary
SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/126803/phpnu… | x_refsource_MISC |
| http://www.securityfocus.com/bid/67656 | vdb-entryx_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:18.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/126803/phpnuke83news-sql.txt"
},
{
"name": "67656",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67656"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-02T14:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/126803/phpnuke83news-sql.txt"
},
{
"name": "67656",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67656"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/126803/phpnuke83news-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126803/phpnuke83news-sql.txt"
},
{
"name": "67656",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67656"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3934",
"datePublished": "2014-06-02T14:00:00.000Z",
"dateReserved": "2014-06-02T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:28:04.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5083 (GCVE-0-2010-5083)
Vulnerability from cvelistv5 – Published: 2012-02-14 20:00 – Updated: 2024-08-07 04:09
VLAI
Summary
SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/14589 | exploitx_refsource_EXPLOIT-DB |
| http://www.itsecteam.com/en/vulnerabilities/vulne… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2010-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.722Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14589",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/14589"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.itsecteam.com/en/vulnerabilities/vulnerability58.htm"
},
{
"name": "phpnuke-weblinks-url-sql-injection(61012)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61012"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14589",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/14589"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.itsecteam.com/en/vulnerabilities/vulnerability58.htm"
},
{
"name": "phpnuke-weblinks-url-sql-injection(61012)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61012"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14589",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14589"
},
{
"name": "http://www.itsecteam.com/en/vulnerabilities/vulnerability58.htm",
"refsource": "MISC",
"url": "http://www.itsecteam.com/en/vulnerabilities/vulnerability58.htm"
},
{
"name": "phpnuke-weblinks-url-sql-injection(61012)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61012"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5083",
"datePublished": "2012-02-14T20:00:00.000Z",
"dateReserved": "2012-02-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:09:38.722Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3784 (GCVE-0-2011-3784)
Vulnerability from cvelistv5 – Published: 2011-09-24 00:00 – Updated: 2024-09-16 20:02
VLAI
Summary
Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2011/06/27/6 | mailing-listx_refsource_MLIST |
| http://code.google.com/p/inspathx/source/browse/t… | x_refsource_MISC |
| http://code.google.com/p/inspathx/source/browse/t… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:46:03.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PHP-Nuke-8.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-24T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PHP-Nuke-8.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PHP-Nuke-8.0",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PHP-Nuke-8.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3784",
"datePublished": "2011-09-24T00:00:00.000Z",
"dateReserved": "2011-09-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:02:50.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1480 (GCVE-0-2011-1480)
Vulnerability from cvelistv5 – Published: 2011-06-21 01:00 – Updated: 2024-09-17 02:36
VLAI
Summary
SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2011/03/23/7 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2011/03/30/6 | mailing-listx_refsource_MLIST |
| http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= \"chng_uid\" Blind SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/7"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= \"chng_uid\" Blind SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_sql_injection"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-06-21T01:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= \"chng_uid\" Blind SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/7"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= \"chng_uid\" Blind SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_sql_injection"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= \"chng_uid\" Blind SQL Injection Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/7"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= \"chng_uid\" Blind SQL Injection Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/6"
},
{
"name": "http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_sql_injection",
"refsource": "MISC",
"url": "http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_sql_injection"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1480",
"datePublished": "2011-06-21T01:00:00.000Z",
"dateReserved": "2011-03-21T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:36:14.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1481 (GCVE-0-2011-1481)
Vulnerability from cvelistv5 – Published: 2011-06-21 01:00 – Updated: 2024-09-16 23:51
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sender_name or (2) sender_email parameter in a Feedback action to modules.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2011/03/23/8 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2011/03/30/7 | mailing-listx_refsource_MLIST |
| http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/8"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_cross_site_scripting"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sender_name or (2) sender_email parameter in a Feedback action to modules.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-06-21T01:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/8"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_cross_site_scripting"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sender_name or (2) sender_email parameter in a Feedback action to modules.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= Cross Site Scripting Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/8"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= Cross Site Scripting Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/7"
},
{
"name": "http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_cross_site_scripting",
"refsource": "MISC",
"url": "http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_cross_site_scripting"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1481",
"datePublished": "2011-06-21T01:00:00.000Z",
"dateReserved": "2011-03-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:51:16.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1482 (GCVE-0-2011-1482)
Vulnerability from cvelistv5 – Published: 2011-06-21 01:00 – Updated: 2024-09-16 20:47
VLAI
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a Referer check that uses a substring comparison.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2011/03/30/8 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2011/03/23/9 | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_cross_site_request_forgery"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/8"
},
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a Referer check that uses a substring comparison."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-06-21T01:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_cross_site_request_forgery"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/8"
},
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a Referer check that uses a substring comparison."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_cross_site_request_forgery",
"refsource": "MISC",
"url": "http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_cross_site_request_forgery"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/8"
},
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1482",
"datePublished": "2011-06-21T01:00:00.000Z",
"dateReserved": "2011-03-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:47:40.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1842 (GCVE-0-2009-1842)
Vulnerability from cvelistv5 – Published: 2009-06-01 14:00 – Updated: 2024-08-07 05:27
VLAI
Summary
SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/35117 | vdb-entryx_refsource_BID |
| http://gsasec.blogspot.com/2009/05/php-nuke-v80-r… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2009-05-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35117",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35117"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html"
},
{
"name": "phpnuke-userlog-sql-injection(50818)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50818"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-05-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35117",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35117"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html"
},
{
"name": "phpnuke-userlog-sql-injection(50818)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50818"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1842",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35117",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35117"
},
{
"name": "http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html",
"refsource": "MISC",
"url": "http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html"
},
{
"name": "phpnuke-userlog-sql-injection(50818)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50818"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1842",
"datePublished": "2009-06-01T14:00:00.000Z",
"dateReserved": "2009-06-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:27:54.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6779 (GCVE-0-2008-6779)
Vulnerability from cvelistv5 – Published: 2009-05-01 17:00 – Updated: 2024-08-07 11:41
VLAI
Summary
SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a showcontent action to modules.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://packetstormsecurity.org/0810-exploits/phpn… | x_refsource_MISC |
| http://www.securityfocus.com/bid/31830 | vdb-entryx_refsource_BID |
Date Public
2008-10-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "sarkilar-module-sql-injection(45992)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45992"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/0810-exploits/phpnukesarkilar-sql.txt"
},
{
"name": "31830",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31830"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a showcontent action to modules.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "sarkilar-module-sql-injection(45992)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45992"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/0810-exploits/phpnukesarkilar-sql.txt"
},
{
"name": "31830",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31830"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6779",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a showcontent action to modules.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sarkilar-module-sql-injection(45992)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45992"
},
{
"name": "http://packetstormsecurity.org/0810-exploits/phpnukesarkilar-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0810-exploits/phpnukesarkilar-sql.txt"
},
{
"name": "31830",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31830"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6779",
"datePublished": "2009-05-01T17:00:00.000Z",
"dateReserved": "2009-05-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:41:59.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6728 (GCVE-0-2008-6728)
Vulnerability from cvelistv5 – Published: 2009-04-20 14:06 – Updated: 2024-08-07 11:41
VLAI
Summary
SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/499656/100… | mailing-listx_refsource_BUGTRAQ |
| http://osvdb.org/52033 | vdb-entryx_refsource_OSVDB |
| http://marc.info/?l=bugtraq&m=123073887531700&w=2 | mailing-listx_refsource_BUGTRAQ |
Date Public
2008-12-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20081230 php-nuke 8.0 module sections artid blind sql inj vuln.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/499656/100/0/threaded"
},
{
"name": "52033",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/52033"
},
{
"name": "20081230 Re: php-nuke 8.0 module sections artid blind sql inj vuln.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=123073887531700\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20081230 php-nuke 8.0 module sections artid blind sql inj vuln.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/499656/100/0/threaded"
},
{
"name": "52033",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/52033"
},
{
"name": "20081230 Re: php-nuke 8.0 module sections artid blind sql inj vuln.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=123073887531700\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20081230 php-nuke 8.0 module sections artid blind sql inj vuln.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499656/100/0/threaded"
},
{
"name": "52033",
"refsource": "OSVDB",
"url": "http://osvdb.org/52033"
},
{
"name": "20081230 Re: php-nuke 8.0 module sections artid blind sql inj vuln.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=123073887531700\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6728",
"datePublished": "2009-04-20T14:06:00.000Z",
"dateReserved": "2009-04-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:41:59.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3151 (GCVE-0-2008-3151)
Vulnerability from cvelistv5 – Published: 2008-07-11 22:00 – Updated: 2024-08-07 09:28
VLAI
Summary
SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_dvd action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/30120 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/494013/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/3986 | third-party-advisoryx_refsource_SREASON |
| http://secunia.com/advisories/30976 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2008-07-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:28:41.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30120",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30120"
},
{
"name": "4ndvddb-modules-sql-injection(43626)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43626"
},
{
"name": "20080707 PHP-NUKE SQL Module\u0027s Name 4ndvddb",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494013/100/0/threaded"
},
{
"name": "3986",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3986"
},
{
"name": "30976",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30976"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_dvd action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30120",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30120"
},
{
"name": "4ndvddb-modules-sql-injection(43626)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43626"
},
{
"name": "20080707 PHP-NUKE SQL Module\u0027s Name 4ndvddb",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494013/100/0/threaded"
},
{
"name": "3986",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3986"
},
{
"name": "30976",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30976"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_dvd action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30120",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30120"
},
{
"name": "4ndvddb-modules-sql-injection(43626)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43626"
},
{
"name": "20080707 PHP-NUKE SQL Module\u0027s Name 4ndvddb",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494013/100/0/threaded"
},
{
"name": "3986",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3986"
},
{
"name": "30976",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30976"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3151",
"datePublished": "2008-07-11T22:00:00.000Z",
"dateReserved": "2008-07-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:28:41.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2020 (GCVE-0-2008-2020)
Vulnerability from cvelistv5 – Published: 2008-04-30 01:00 – Updated: 2024-08-07 08:41
VLAI
Summary
The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/491127/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/3834 | third-party-advisoryx_refsource_SREASON |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/28877 | vdb-entryx_refsource_BID |
| http://www.rooksecurity.com/blog/?p=6 | x_refsource_MISC |
Date Public
2008-04-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:41:00.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080419 Deciphering the PHP-Nuke Capthca",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/491127/100/0/threaded"
},
{
"name": "3834",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3834"
},
{
"name": "captcha-imagestring-codebg-weak-security(42152)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42152"
},
{
"name": "28877",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28877"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rooksecurity.com/blog/?p=6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080419 Deciphering the PHP-Nuke Capthca",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/491127/100/0/threaded"
},
{
"name": "3834",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3834"
},
{
"name": "captcha-imagestring-codebg-weak-security(42152)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42152"
},
{
"name": "28877",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28877"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rooksecurity.com/blog/?p=6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080419 Deciphering the PHP-Nuke Capthca",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491127/100/0/threaded"
},
{
"name": "3834",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3834"
},
{
"name": "captcha-imagestring-codebg-weak-security(42152)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42152"
},
{
"name": "28877",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28877"
},
{
"name": "http://www.rooksecurity.com/blog/?p=6",
"refsource": "MISC",
"url": "http://www.rooksecurity.com/blog/?p=6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2020",
"datePublished": "2008-04-30T01:00:00.000Z",
"dateReserved": "2008-04-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:41:00.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1220 (GCVE-0-2008-1220)
Vulnerability from cvelistv5 – Published: 2008-03-10 17:00 – Updated: 2024-08-07 08:17
VLAI
Summary
SQL injection vulnerability in the 4nChat 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the roomid parameter in an index action to modules.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/28128 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2008-03-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:33.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28128",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28128"
},
{
"name": "4nchat-roomid-sql-injection(41051)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41051"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the 4nChat 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the roomid parameter in an index action to modules.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28128",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28128"
},
{
"name": "4nchat-roomid-sql-injection(41051)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41051"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the 4nChat 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the roomid parameter in an index action to modules.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28128",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28128"
},
{
"name": "4nchat-roomid-sql-injection(41051)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41051"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1220",
"datePublished": "2008-03-10T17:00:00.000Z",
"dateReserved": "2008-03-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:17:33.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1219 (GCVE-0-2008-1219)
Vulnerability from cvelistv5 – Published: 2008-03-10 17:00 – Updated: 2024-08-07 08:17
VLAI
Summary
SQL injection vulnerability in the Kutub-i Sitte (KutubiSitte) 1.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the kid parameter in a hadisgoster action to modules.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/28126 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/29279 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/489258/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/489219/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.rbt-4.net/forum/viewthread.php?forum_i… | x_refsource_MISC |
| http://securityreason.com/securityalert/3722 | third-party-advisoryx_refsource_SREASON |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2008-03-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28126",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28126"
},
{
"name": "29279",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29279"
},
{
"name": "20080306 PHP-Nuke KutubiSitte \"kid\" SQL Injection exploit code adding",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489258/100/0/threaded"
},
{
"name": "20080306 PHP-Nuke KutubiSitte \"kid\" SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489219/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rbt-4.net/forum/viewthread.php?forum_id=51\u0026thread_id=3058"
},
{
"name": "3722",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3722"
},
{
"name": "kutubisitte-kid-sql-injection(41036)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41036"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Kutub-i Sitte (KutubiSitte) 1.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the kid parameter in a hadisgoster action to modules.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28126",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28126"
},
{
"name": "29279",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29279"
},
{
"name": "20080306 PHP-Nuke KutubiSitte \"kid\" SQL Injection exploit code adding",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489258/100/0/threaded"
},
{
"name": "20080306 PHP-Nuke KutubiSitte \"kid\" SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489219/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rbt-4.net/forum/viewthread.php?forum_id=51\u0026thread_id=3058"
},
{
"name": "3722",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3722"
},
{
"name": "kutubisitte-kid-sql-injection(41036)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41036"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Kutub-i Sitte (KutubiSitte) 1.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the kid parameter in a hadisgoster action to modules.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28126",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28126"
},
{
"name": "29279",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29279"
},
{
"name": "20080306 PHP-Nuke KutubiSitte \"kid\" SQL Injection exploit code adding",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489258/100/0/threaded"
},
{
"name": "20080306 PHP-Nuke KutubiSitte \"kid\" SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489219/100/0/threaded"
},
{
"name": "http://www.rbt-4.net/forum/viewthread.php?forum_id=51\u0026thread_id=3058",
"refsource": "MISC",
"url": "http://www.rbt-4.net/forum/viewthread.php?forum_id=51\u0026thread_id=3058"
},
{
"name": "3722",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3722"
},
{
"name": "kutubisitte-kid-sql-injection(41036)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41036"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1219",
"datePublished": "2008-03-10T17:00:00.000Z",
"dateReserved": "2008-03-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:17:34.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-30177 (GCVE-0-2021-30177)
Vulnerability from nvd – Published: 2021-04-07 10:48 – Updated: 2024-08-03 22:24
VLAI
Summary
There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://gist.github.com/stacksmasher007/41e946fc9… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:24:59.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/stacksmasher007/41e946fc9a5a2f0b6950626cc9d43d47"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-07T10:48:16.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/stacksmasher007/41e946fc9a5a2f0b6950626cc9d43d47"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-30177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/stacksmasher007/41e946fc9a5a2f0b6950626cc9d43d47",
"refsource": "MISC",
"url": "https://gist.github.com/stacksmasher007/41e946fc9a5a2f0b6950626cc9d43d47"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-30177",
"datePublished": "2021-04-07T10:48:16.000Z",
"dateReserved": "2021-04-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:24:59.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3934 (GCVE-0-2014-3934)
Vulnerability from nvd – Published: 2014-06-02 14:00 – Updated: 2024-09-17 03:28
VLAI
Summary
SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/126803/phpnu… | x_refsource_MISC |
| http://www.securityfocus.com/bid/67656 | vdb-entryx_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:18.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/126803/phpnuke83news-sql.txt"
},
{
"name": "67656",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67656"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-02T14:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/126803/phpnuke83news-sql.txt"
},
{
"name": "67656",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67656"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/126803/phpnuke83news-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126803/phpnuke83news-sql.txt"
},
{
"name": "67656",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67656"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3934",
"datePublished": "2014-06-02T14:00:00.000Z",
"dateReserved": "2014-06-02T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:28:04.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5083 (GCVE-0-2010-5083)
Vulnerability from nvd – Published: 2012-02-14 20:00 – Updated: 2024-08-07 04:09
VLAI
Summary
SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/14589 | exploitx_refsource_EXPLOIT-DB |
| http://www.itsecteam.com/en/vulnerabilities/vulne… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2010-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.722Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14589",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/14589"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.itsecteam.com/en/vulnerabilities/vulnerability58.htm"
},
{
"name": "phpnuke-weblinks-url-sql-injection(61012)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61012"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14589",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/14589"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.itsecteam.com/en/vulnerabilities/vulnerability58.htm"
},
{
"name": "phpnuke-weblinks-url-sql-injection(61012)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61012"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14589",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14589"
},
{
"name": "http://www.itsecteam.com/en/vulnerabilities/vulnerability58.htm",
"refsource": "MISC",
"url": "http://www.itsecteam.com/en/vulnerabilities/vulnerability58.htm"
},
{
"name": "phpnuke-weblinks-url-sql-injection(61012)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61012"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5083",
"datePublished": "2012-02-14T20:00:00.000Z",
"dateReserved": "2012-02-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:09:38.722Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3784 (GCVE-0-2011-3784)
Vulnerability from nvd – Published: 2011-09-24 00:00 – Updated: 2024-09-16 20:02
VLAI
Summary
Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2011/06/27/6 | mailing-listx_refsource_MLIST |
| http://code.google.com/p/inspathx/source/browse/t… | x_refsource_MISC |
| http://code.google.com/p/inspathx/source/browse/t… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:46:03.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PHP-Nuke-8.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-24T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PHP-Nuke-8.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PHP-Nuke-8.0",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/PHP-Nuke-8.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3784",
"datePublished": "2011-09-24T00:00:00.000Z",
"dateReserved": "2011-09-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:02:50.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1482 (GCVE-0-2011-1482)
Vulnerability from nvd – Published: 2011-06-21 01:00 – Updated: 2024-09-16 20:47
VLAI
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a Referer check that uses a substring comparison.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2011/03/30/8 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2011/03/23/9 | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_cross_site_request_forgery"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/8"
},
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a Referer check that uses a substring comparison."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-06-21T01:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_cross_site_request_forgery"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/8"
},
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a Referer check that uses a substring comparison."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_cross_site_request_forgery",
"refsource": "MISC",
"url": "http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_cross_site_request_forgery"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/8"
},
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1482",
"datePublished": "2011-06-21T01:00:00.000Z",
"dateReserved": "2011-03-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:47:40.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1481 (GCVE-0-2011-1481)
Vulnerability from nvd – Published: 2011-06-21 01:00 – Updated: 2024-09-16 23:51
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sender_name or (2) sender_email parameter in a Feedback action to modules.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2011/03/23/8 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2011/03/30/7 | mailing-listx_refsource_MLIST |
| http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/8"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_cross_site_scripting"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sender_name or (2) sender_email parameter in a Feedback action to modules.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-06-21T01:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/8"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_cross_site_scripting"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sender_name or (2) sender_email parameter in a Feedback action to modules.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= Cross Site Scripting Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/8"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= Cross Site Scripting Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/7"
},
{
"name": "http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_cross_site_scripting",
"refsource": "MISC",
"url": "http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_cross_site_scripting"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1481",
"datePublished": "2011-06-21T01:00:00.000Z",
"dateReserved": "2011-03-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:51:16.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1480 (GCVE-0-2011-1480)
Vulnerability from nvd – Published: 2011-06-21 01:00 – Updated: 2024-09-17 02:36
VLAI
Summary
SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2011/03/23/7 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2011/03/30/6 | mailing-listx_refsource_MLIST |
| http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= \"chng_uid\" Blind SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/7"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= \"chng_uid\" Blind SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_sql_injection"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-06-21T01:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= \"chng_uid\" Blind SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/7"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= \"chng_uid\" Blind SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://yehg.net/lab/pr0js/advisories/%5Bphpnuke-8.x%5D_sql_injection"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110323 CVE Request: PHP-Nuke 8.x \u003c= \"chng_uid\" Blind SQL Injection Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/7"
},
{
"name": "[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x \u003c= \"chng_uid\" Blind SQL Injection Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/30/6"
},
{
"name": "http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_sql_injection",
"refsource": "MISC",
"url": "http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_sql_injection"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1480",
"datePublished": "2011-06-21T01:00:00.000Z",
"dateReserved": "2011-03-21T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:36:14.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1842 (GCVE-0-2009-1842)
Vulnerability from nvd – Published: 2009-06-01 14:00 – Updated: 2024-08-07 05:27
VLAI
Summary
SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/35117 | vdb-entryx_refsource_BID |
| http://gsasec.blogspot.com/2009/05/php-nuke-v80-r… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2009-05-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35117",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35117"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html"
},
{
"name": "phpnuke-userlog-sql-injection(50818)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50818"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-05-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35117",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35117"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html"
},
{
"name": "phpnuke-userlog-sql-injection(50818)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50818"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1842",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35117",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35117"
},
{
"name": "http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html",
"refsource": "MISC",
"url": "http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html"
},
{
"name": "phpnuke-userlog-sql-injection(50818)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50818"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1842",
"datePublished": "2009-06-01T14:00:00.000Z",
"dateReserved": "2009-06-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:27:54.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6779 (GCVE-0-2008-6779)
Vulnerability from nvd – Published: 2009-05-01 17:00 – Updated: 2024-08-07 11:41
VLAI
Summary
SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a showcontent action to modules.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://packetstormsecurity.org/0810-exploits/phpn… | x_refsource_MISC |
| http://www.securityfocus.com/bid/31830 | vdb-entryx_refsource_BID |
Date Public
2008-10-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "sarkilar-module-sql-injection(45992)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45992"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/0810-exploits/phpnukesarkilar-sql.txt"
},
{
"name": "31830",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31830"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a showcontent action to modules.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "sarkilar-module-sql-injection(45992)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45992"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/0810-exploits/phpnukesarkilar-sql.txt"
},
{
"name": "31830",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31830"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6779",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a showcontent action to modules.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sarkilar-module-sql-injection(45992)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45992"
},
{
"name": "http://packetstormsecurity.org/0810-exploits/phpnukesarkilar-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0810-exploits/phpnukesarkilar-sql.txt"
},
{
"name": "31830",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31830"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6779",
"datePublished": "2009-05-01T17:00:00.000Z",
"dateReserved": "2009-05-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:41:59.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6728 (GCVE-0-2008-6728)
Vulnerability from nvd – Published: 2009-04-20 14:06 – Updated: 2024-08-07 11:41
VLAI
Summary
SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/499656/100… | mailing-listx_refsource_BUGTRAQ |
| http://osvdb.org/52033 | vdb-entryx_refsource_OSVDB |
| http://marc.info/?l=bugtraq&m=123073887531700&w=2 | mailing-listx_refsource_BUGTRAQ |
Date Public
2008-12-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20081230 php-nuke 8.0 module sections artid blind sql inj vuln.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/499656/100/0/threaded"
},
{
"name": "52033",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/52033"
},
{
"name": "20081230 Re: php-nuke 8.0 module sections artid blind sql inj vuln.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=123073887531700\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20081230 php-nuke 8.0 module sections artid blind sql inj vuln.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/499656/100/0/threaded"
},
{
"name": "52033",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/52033"
},
{
"name": "20081230 Re: php-nuke 8.0 module sections artid blind sql inj vuln.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=123073887531700\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20081230 php-nuke 8.0 module sections artid blind sql inj vuln.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499656/100/0/threaded"
},
{
"name": "52033",
"refsource": "OSVDB",
"url": "http://osvdb.org/52033"
},
{
"name": "20081230 Re: php-nuke 8.0 module sections artid blind sql inj vuln.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=123073887531700\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6728",
"datePublished": "2009-04-20T14:06:00.000Z",
"dateReserved": "2009-04-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:41:59.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3151 (GCVE-0-2008-3151)
Vulnerability from nvd – Published: 2008-07-11 22:00 – Updated: 2024-08-07 09:28
VLAI
Summary
SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_dvd action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/30120 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/494013/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/3986 | third-party-advisoryx_refsource_SREASON |
| http://secunia.com/advisories/30976 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2008-07-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:28:41.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30120",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30120"
},
{
"name": "4ndvddb-modules-sql-injection(43626)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43626"
},
{
"name": "20080707 PHP-NUKE SQL Module\u0027s Name 4ndvddb",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494013/100/0/threaded"
},
{
"name": "3986",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3986"
},
{
"name": "30976",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30976"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_dvd action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30120",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30120"
},
{
"name": "4ndvddb-modules-sql-injection(43626)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43626"
},
{
"name": "20080707 PHP-NUKE SQL Module\u0027s Name 4ndvddb",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494013/100/0/threaded"
},
{
"name": "3986",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3986"
},
{
"name": "30976",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30976"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_dvd action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30120",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30120"
},
{
"name": "4ndvddb-modules-sql-injection(43626)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43626"
},
{
"name": "20080707 PHP-NUKE SQL Module\u0027s Name 4ndvddb",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494013/100/0/threaded"
},
{
"name": "3986",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3986"
},
{
"name": "30976",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30976"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3151",
"datePublished": "2008-07-11T22:00:00.000Z",
"dateReserved": "2008-07-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:28:41.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2020 (GCVE-0-2008-2020)
Vulnerability from nvd – Published: 2008-04-30 01:00 – Updated: 2024-08-07 08:41
VLAI
Summary
The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/491127/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/3834 | third-party-advisoryx_refsource_SREASON |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/28877 | vdb-entryx_refsource_BID |
| http://www.rooksecurity.com/blog/?p=6 | x_refsource_MISC |
Date Public
2008-04-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:41:00.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080419 Deciphering the PHP-Nuke Capthca",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/491127/100/0/threaded"
},
{
"name": "3834",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3834"
},
{
"name": "captcha-imagestring-codebg-weak-security(42152)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42152"
},
{
"name": "28877",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28877"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rooksecurity.com/blog/?p=6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080419 Deciphering the PHP-Nuke Capthca",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/491127/100/0/threaded"
},
{
"name": "3834",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3834"
},
{
"name": "captcha-imagestring-codebg-weak-security(42152)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42152"
},
{
"name": "28877",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28877"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rooksecurity.com/blog/?p=6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080419 Deciphering the PHP-Nuke Capthca",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491127/100/0/threaded"
},
{
"name": "3834",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3834"
},
{
"name": "captcha-imagestring-codebg-weak-security(42152)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42152"
},
{
"name": "28877",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28877"
},
{
"name": "http://www.rooksecurity.com/blog/?p=6",
"refsource": "MISC",
"url": "http://www.rooksecurity.com/blog/?p=6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2020",
"datePublished": "2008-04-30T01:00:00.000Z",
"dateReserved": "2008-04-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:41:00.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1220 (GCVE-0-2008-1220)
Vulnerability from nvd – Published: 2008-03-10 17:00 – Updated: 2024-08-07 08:17
VLAI
Summary
SQL injection vulnerability in the 4nChat 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the roomid parameter in an index action to modules.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/28128 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2008-03-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:33.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28128",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28128"
},
{
"name": "4nchat-roomid-sql-injection(41051)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41051"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the 4nChat 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the roomid parameter in an index action to modules.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28128",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28128"
},
{
"name": "4nchat-roomid-sql-injection(41051)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41051"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the 4nChat 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the roomid parameter in an index action to modules.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28128",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28128"
},
{
"name": "4nchat-roomid-sql-injection(41051)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41051"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1220",
"datePublished": "2008-03-10T17:00:00.000Z",
"dateReserved": "2008-03-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:17:33.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1219 (GCVE-0-2008-1219)
Vulnerability from nvd – Published: 2008-03-10 17:00 – Updated: 2024-08-07 08:17
VLAI
Summary
SQL injection vulnerability in the Kutub-i Sitte (KutubiSitte) 1.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the kid parameter in a hadisgoster action to modules.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/28126 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/29279 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/489258/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/489219/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.rbt-4.net/forum/viewthread.php?forum_i… | x_refsource_MISC |
| http://securityreason.com/securityalert/3722 | third-party-advisoryx_refsource_SREASON |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2008-03-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28126",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28126"
},
{
"name": "29279",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29279"
},
{
"name": "20080306 PHP-Nuke KutubiSitte \"kid\" SQL Injection exploit code adding",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489258/100/0/threaded"
},
{
"name": "20080306 PHP-Nuke KutubiSitte \"kid\" SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489219/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rbt-4.net/forum/viewthread.php?forum_id=51\u0026thread_id=3058"
},
{
"name": "3722",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3722"
},
{
"name": "kutubisitte-kid-sql-injection(41036)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41036"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Kutub-i Sitte (KutubiSitte) 1.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the kid parameter in a hadisgoster action to modules.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28126",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28126"
},
{
"name": "29279",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29279"
},
{
"name": "20080306 PHP-Nuke KutubiSitte \"kid\" SQL Injection exploit code adding",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489258/100/0/threaded"
},
{
"name": "20080306 PHP-Nuke KutubiSitte \"kid\" SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489219/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rbt-4.net/forum/viewthread.php?forum_id=51\u0026thread_id=3058"
},
{
"name": "3722",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3722"
},
{
"name": "kutubisitte-kid-sql-injection(41036)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41036"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Kutub-i Sitte (KutubiSitte) 1.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the kid parameter in a hadisgoster action to modules.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28126",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28126"
},
{
"name": "29279",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29279"
},
{
"name": "20080306 PHP-Nuke KutubiSitte \"kid\" SQL Injection exploit code adding",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489258/100/0/threaded"
},
{
"name": "20080306 PHP-Nuke KutubiSitte \"kid\" SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489219/100/0/threaded"
},
{
"name": "http://www.rbt-4.net/forum/viewthread.php?forum_id=51\u0026thread_id=3058",
"refsource": "MISC",
"url": "http://www.rbt-4.net/forum/viewthread.php?forum_id=51\u0026thread_id=3058"
},
{
"name": "3722",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3722"
},
{
"name": "kutubisitte-kid-sql-injection(41036)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41036"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1219",
"datePublished": "2008-03-10T17:00:00.000Z",
"dateReserved": "2008-03-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:17:34.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}