Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3792

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-3792
Last Modified 07 Mar 2011 09:27:10
Published 24 Nov 2005 06:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3792

Summary

Multiple SQL injection vulnerabilities in the Search module in PHP-Nuke 7.8, and possibly other versions before 7.9 with patch 3.1, allows remote attackers to execute arbitrary SQL commands, as demonstrated via the query parameter in a stories type.

Vulnerable Systems

Application

  • Francisco Burzi Php-nuke 7.0 Final

  • Francisco Burzi Php-nuke 7.1

  • Francisco Burzi Php-nuke 7.2

  • Francisco Burzi Php-nuke 7.3

  • Francisco Burzi Php-nuke 7.6

  • Francisco Burzi Php-nuke 7.7

  • Francisco Burzi Php-nuke 7.8


References

XF - phpnuke-query-sql-injection(23079)

VUPEN - ADV-2005-2446

BID - 15421

MISC - http://securityreason.com/achievement_exploitalert/5

SECUNIA - 17543

BUGTRAQ - 20051115 Critical SQL Injection PHPNuke <= 7.8

MISC - http://www.waraxe.us/advisory-46.html

BUGTRAQ - 20060219 [waraxe-2006-SA#046] - Critical sql injection in phpNuke 7.5-7.8

BUGTRAQ - 20060221 Re: [waraxe-2006-SA#046] - Critical sql injection in phpNuke 7.5-7.8

OSVDB - 20866

SECTRACK - 1015651

SECTRACK - 1015215


Last Updated: 27 May 2016 10:41:02