| Vulnerability Name: | CCN-16493 | ||||||
| Published: | 2004-06-22 | ||||||
| Updated: | 2004-06-22 | ||||||
| Summary: | PHP-Nuke is vulnerable to SQL injection, caused by a vulnerability in the search.php script of the Journal module. A remote attacker could embed arbitrary SQL code in the forwhat variable in a specially-crafted URL request, which would allow the attacker to obtain sensitive information. An attacker could use this vulnerability to add, modify or delete data in the backend database and obtain the administrator password md5 hash. | ||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||
| CVSS v2 Severity: | 7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.1 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:UR)
| ||||||
| Vulnerability Consequences: | Data Manipulation | ||||||
| References: | Source: CCN Type: Full-Disclosure Mailing List, Tue Jun 22 2004 - 18:59:10 CDT [waraxe-2004-SA#033 - Multiple security holes in PhpNuke - part 1] Source: CCN Type: BID-10595 PHP-Nuke Multiple Vulnerabilities Source: XF Type: UNKNOWN phpnuke-forwhat-sql-injection(16493) | ||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
| BACK | |||||||