Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0269

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2004-0269
Last Modified 05 Sep 2008 04:37:59
Published 23 Nov 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0269

Summary

SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module.

Vulnerable Systems

Application

  • Francisco Burzi Php-nuke 1.0

  • Francisco Burzi Php-nuke 2.5

  • Francisco Burzi Php-nuke 3.0

  • Francisco Burzi Php-nuke 4.0

  • Francisco Burzi Php-nuke 4.3

  • Francisco Burzi Php-nuke 4.4

  • Francisco Burzi Php-nuke 4.4.1a

  • Francisco Burzi Php-nuke 5.0

  • Francisco Burzi Php-nuke 5.0.1

  • Francisco Burzi Php-nuke 5.1

  • Francisco Burzi Php-nuke 5.2

  • Francisco Burzi Php-nuke 5.2a

  • Francisco Burzi Php-nuke 5.3.1

  • Francisco Burzi Php-nuke 5.4

  • Francisco Burzi Php-nuke 5.5

  • Francisco Burzi Php-nuke 5.6

  • Francisco Burzi Php-nuke 6.0

  • Francisco Burzi Php-nuke 6.5

  • Francisco Burzi Php-nuke 6.5 Beta1

  • Francisco Burzi Php-nuke 6.5 Final

  • Francisco Burzi Php-nuke 6.5 Rc1

  • Francisco Burzi Php-nuke 6.5 Rc2

  • Francisco Burzi Php-nuke 6.5 Rc3

  • Francisco Burzi Php-nuke 6.6

  • Francisco Burzi Php-nuke 6.7

  • Francisco Burzi Php-nuke 6.9


References

BID - 9630

BUGTRAQ - 20040210 [SCAN Associates Sdn Bhd Security Advisory] PHPNuke 6.9 > and below SQL Injection in multiple module

XF - phpnuke-modules-sql-injection(15115)

MISC - http://www.scan-associates.net/papers/phpnuke69.txt


Last Updated: 27 May 2016 10:38:32