Vulnerability Name:

CVE-2005-1000 (CCN-19952)

Assigned: 2005-04-03
Published: 2005-04-03
Updated: 2017-07-11
Summary: Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the bid parameter to the EmailStats op in banners.php, (2) the ratenum parameter in the TopRated and MostPopular actions in the Web_Links module, (3) the ttitle parameter in the viewlinkdetails, viewlinkeditorial, viewlinkcomments, and ratelink actions in the Web_Links module, or (4) the username parameter in the Your_Account module.
CVSS v3 Severity: 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:

Source: BUGTRAQ
Type: Exploit, Vendor Advisory
20050404 [SECURITYREASON.COM] PhpNuke 7.6=>x Multiple vulnerabilities cXIb8O3.12

Source: CCN
Type: BugTraq Mailing List, Mon Apr 04 2005 - 16:50:25 CDT
PhpNuke 7.6=>x Multiple vulnerabilities cXIb8O3.12

Source: CCN
Type: BugTraq Mailing List, Sun Apr 03 2005 - 16:17:23 CDT
Full path disclosure and XSS in PHPNuke

Source: MITRE
Type: CNA
CVE-2005-1000

Source: MITRE
Type: CNA
CVE-2005-1023

Source: BUGTRAQ
Type: UNKNOWN
20050403 Full path disclosure and XSS in PHPNuke

Source: CCN
Type: OSVDB ID: 15398
PHP-Nuke Web_Links Module Multiple Parameter XSS

Source: CCN
Type: OSVDB ID: 15399
PHP-Nuke banners.php bid Parameter XSS

Source: CCN
Type: OSVDB ID: 15400
PHP-Nuke Your_Account Module Multiple Parameter XSS

Source: CCN
Type: OSVDB ID: 15419
PHP-Nuke Search Module min Parameter XSS

Source: CCN
Type: OSVDB ID: 6997
PHP-Nuke FAQ Module categories Parameter XSS

Source: CCN
Type: PHP-Nuke Web site
PHP-Nuke

Source: CCN
Type: BID-12983
PHPNuke Multiple Module Cross-Site Scripting Vulnerabilities

Source: CCN
Type: BID-13007
PHP-Nuke Your_Account Module Username Cross-Site Scripting Vulnerability

Source: CCN
Type: BID-13025
PHP-Nuke Web_Links Module Multiple Cross-Site Scripting Vulnerabilities

Source: CCN
Type: BID-13026
PHP-Nuke Banners.PHP Cross-Site Scripting Vulnerability

Source: CCN
Type: SecurityReason-2005-SRA#04
Full path disclosure and XSS in PHPNuke

Source: XF
Type: UNKNOWN
phpnuke-modulesphp-xss(19952)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:francisco_burzi:php-nuke:7.6:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:phpnuke:php-nuke:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:phpnuke:php-nuke:6.7:*:*:*:*:*:*:*
  • OR cpe:/a:phpnuke:php-nuke:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:phpnuke:php-nuke:7.4:*:*:*:*:*:*:*
  • OR cpe:/a:phpnuke:php-nuke:7.6:*:*:*:*:*:*:*
  • OR cpe:/a:phpnuke:php-nuke:7.5:*:*:*:*:*:*:*
  • OR cpe:/a:phpnuke:php-nuke:6.5:*:*:*:*:*:*:*
  • OR cpe:/a:phpnuke:php-nuke:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpnuke:php-nuke:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:phpnuke:php-nuke:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:phpnuke:php-nuke:6.6:*:*:*:*:*:*:*
  • OR cpe:/a:phpnuke:php-nuke:6.9:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    francisco_burzi php-nuke 7.6
    phpnuke php-nuke 6.0
    phpnuke php-nuke 6.7
    phpnuke php-nuke 7.0
    phpnuke php-nuke 7.4
    phpnuke php-nuke 7.6
    phpnuke php-nuke 7.5
    phpnuke php-nuke 6.5
    phpnuke php-nuke 7.1
    phpnuke php-nuke 7.2
    phpnuke php-nuke 7.3
    phpnuke php-nuke 6.6
    phpnuke php-nuke 6.9