Vulnerability Name: CVE-2004-1932 (CCN-15835)
Assigned: 2004-04-12
Published: 2004-04-12
Updated: 2017-07-11
Summary:
SQL injection vulnerability in (1) auth.php and (2) admin.php in PHP-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL code and create an administrator account via base64-encoded SQL in the admin parameter.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Bypass Security
References:
Source: CCN
Type: BugTraq Mailing List, Mon Apr 12 2004 - 11:10:19 CDT
[waraxe-2004-SA#018 - Admin-level authentication bypass in phpnuke 6.x-7.2]
Source: MITRE
Type: CNA
CVE-2004-1932
Source: BUGTRAQ
Type: UNKNOWN
20040412 [waraxe-2004-SA#018 - Admin-level authentication bypass in phpnuke 6.x-7.2]
Source: CCN
Type: OSVDB ID: 16635
PHP-Nuke admin.php admin Parameter SQL Injection
Source: CCN
Type: OSVDB ID: 5262
PHP-Nuke auth.php admin Parameter SQL Injection
Source: MISC
Type: Exploit, Vendor Advisory
http://www.waraxe.us/index.php?modname=sa&id=18
Source: XF
Type: UNKNOWN
phpnuke-admin-bypass-authentication(15835)
Vulnerable Configuration:
Configuration 1:
cpe:/a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*
OR
cpe:/a:francisco_burzi:php-nuke:6.5:*:*:*:*:*:*:*
OR
cpe:/a:francisco_burzi:php-nuke:6.5_beta1:*:*:*:*:*:*:*
OR
cpe:/a:francisco_burzi:php-nuke:6.5_final:*:*:*:*:*:*:*
OR
cpe:/a:francisco_burzi:php-nuke:6.5_rc1:*:*:*:*:*:*:*
OR
cpe:/a:francisco_burzi:php-nuke:6.5_rc2:*:*:*:*:*:*:*
OR
cpe:/a:francisco_burzi:php-nuke:6.5_rc3:*:*:*:*:*:*:*
OR
cpe:/a:francisco_burzi:php-nuke:6.6:*:*:*:*:*:*:*
OR
cpe:/a:francisco_burzi:php-nuke:6.7:*:*:*:*:*:*:*
OR
cpe:/a:francisco_burzi:php-nuke:6.9:*:*:*:*:*:*:*
OR
cpe:/a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*
OR
cpe:/a:francisco_burzi:php-nuke:7.0_final:*:*:*:*:*:*:*
OR
cpe:/a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*
OR
cpe:/a:francisco_burzi:php-nuke:7.2:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/a:phpnuke:php-nuke:6.0:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:6.7:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:7.0:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:6.5:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:7.1:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:7.2:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:6.6:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:6.9:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:6.8:*:*:*:*:*:*:*