Vulnerability Name:

CCN-16491

Published:2004-06-22
Updated:2004-06-22
Summary:PHP-Nuke fails to validate if a user is authenticated, caused by vulnerability in the commentkill.php script. A remote attacker could send a specially-crafted HTTP GET request to delete arbitrary comments from a journal.
CVSS v3 Severity:3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Consequences:Data Manipulation
References:Source: CCN
Type: Full-Disclosure Mailing List, Tue Jun 22 2004 - 18:59:10 CDT
[waraxe-2004-SA#033 - Multiple security holes in PhpNuke - part 1]

Source: CCN
Type: BID-10595
PHP-Nuke Multiple Vulnerabilities

Source: XF
Type: UNKNOWN
phpnuke-get-comment-deletion(16491)

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:phpnuke:php-nuke:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:phpnuke:php-nuke:6.7:*:*:*:*:*:*:*
  • OR cpe:/a:phpnuke:php-nuke:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:phpnuke:php-nuke:6.5:*:*:*:*:*:*:*
  • OR cpe:/a:phpnuke:php-nuke:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpnuke:php-nuke:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:phpnuke:php-nuke:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:phpnuke:php-nuke:6.6:*:*:*:*:*:*:*
  • OR cpe:/a:phpnuke:php-nuke:6.9:*:*:*:*:*:*:*
  • OR cpe:/a:phpnuke:php-nuke:6.8:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    phpnuke php-nuke 6.0
    phpnuke php-nuke 6.7
    phpnuke php-nuke 7.0
    phpnuke php-nuke 6.5
    phpnuke php-nuke 7.1
    phpnuke php-nuke 7.2
    phpnuke php-nuke 7.3
    phpnuke php-nuke 6.6
    phpnuke php-nuke 6.9
    phpnuke php-nuke 6.8