Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2354

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2004-2354
Last Modified 05 Sep 2008 04:43:54
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-2354

Summary

SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 through 6.9 allows remote attackers to modify SQL statements via the entry parameter to modules.php, which can also facilitate cross-site scripting (XSS) attacks when MySQL errors are triggered.

Vulnerable Systems

Application

  • Francisco Burzi Php-nuke 6.5

  • Francisco Burzi Php-nuke 6.5 Beta1

  • Francisco Burzi Php-nuke 6.5 Final

  • Francisco Burzi Php-nuke 6.5 Rc1

  • Francisco Burzi Php-nuke 6.5 Rc2

  • Francisco Burzi Php-nuke 6.5 Rc3

  • Francisco Burzi Php-nuke 6.6

  • Francisco Burzi Php-nuke 6.7

  • Francisco Burzi Php-nuke 6.9

  • Warpspeed 4nguestbook 0.92


References

XF - 4nguestbook-modules-xss(15478)

BUGTRAQ - 20040315 [waraxe-2004-SA#007 - XSS and SQL injection bugs in 4nguestbook module for PhpNuke]


Last Updated: 27 May 2016 10:39:26