Vulnerability CVE-2005-1000 - CERT Civis.Net

Vulnerability Name:

CVE-2005-1000 (CCN-19952)

Assigned:

2005-04-03

Published:

2005-04-03

Updated:

2017-07-11

Summary:

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the bid parameter to the EmailStats op in banners.pgp, (2) the ratenum parameter in the TopRated and MostPopular actions in the Web_Links module, (3) the ttitle parameter in the viewlinkdetails, viewlinkeditorial, viewlinkcomments, and ratelink actions in the Web_Links module, or (4) the username parameter in the Your_Account module.

CVSS v3 Severity:

3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: BUGTRAQ
Type: Exploit, Vendor Advisory
20050404 [SECURITYREASON.COM] PhpNuke 7.6=>x Multiple vulnerabilities cXIb8O3.12

Source: CCN
Type: BugTraq Mailing List, Mon Apr 04 2005 - 16:50:25 CDT
PhpNuke 7.6=>x Multiple vulnerabilities cXIb8O3.12

Source: CCN
Type: BugTraq Mailing List, Sun Apr 03 2005 - 16:17:23 CDT
Full path disclosure and XSS in PHPNuke

Source: MITRE
Type: CNA
CVE-2005-1000

Source: MITRE
Type: CNA
CVE-2005-1023

Source: BUGTRAQ
Type: UNKNOWN
20050403 Full path disclosure and XSS in PHPNuke

Source: CCN
Type: OSVDB ID: 15398
PHP-Nuke Web_Links Module Multiple Parameter XSS

Source: CCN
Type: OSVDB ID: 15399
PHP-Nuke banners.php bid Parameter XSS

Source: CCN
Type: OSVDB ID: 15400
PHP-Nuke Your_Account Module Multiple Parameter XSS

Source: CCN
Type: OSVDB ID: 15419
PHP-Nuke Search Module min Parameter XSS

Source: CCN
Type: OSVDB ID: 6997
PHP-Nuke FAQ Module categories Parameter XSS

Source: CCN
Type: PHP-Nuke Web site
PHP-Nuke

Source: CCN
Type: BID-12983
PHPNuke Multiple Module Cross-Site Scripting Vulnerabilities

Source: CCN
Type: BID-13007
PHP-Nuke Your_Account Module Username Cross-Site Scripting Vulnerability

Source: CCN
Type: BID-13025
PHP-Nuke Web_Links Module Multiple Cross-Site Scripting Vulnerabilities

Source: CCN
Type: BID-13026
PHP-Nuke Banners.PHP Cross-Site Scripting Vulnerability

Source: CCN
Type: SecurityReason-2005-SRA#04
Full path disclosure and XSS in PHPNuke

Source: XF
Type: UNKNOWN
phpnuke-modulesphp-xss(19952)

Source: XF
Type: UNKNOWN
phpnuke-modulesphp-xss(19952)

Vulnerable Configuration:

Configuration 1:

cpe:/a:francisco_burzi:php-nuke:7.6:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:phpnuke:php-nuke:6.0:*:*:*:*:*:*:*

OR cpe:/a:phpnuke:php-nuke:6.7:*:*:*:*:*:*:*

OR cpe:/a:phpnuke:php-nuke:7.0:*:*:*:*:*:*:*

OR cpe:/a:phpnuke:php-nuke:7.4:*:*:*:*:*:*:*

OR cpe:/a:phpnuke:php-nuke:7.6:*:*:*:*:*:*:*

OR cpe:/a:phpnuke:php-nuke:7.5:*:*:*:*:*:*:*

OR cpe:/a:phpnuke:php-nuke:6.5:*:*:*:*:*:*:*

OR cpe:/a:phpnuke:php-nuke:7.1:*:*:*:*:*:*:*

OR cpe:/a:phpnuke:php-nuke:7.2:*:*:*:*:*:*:*

OR cpe:/a:phpnuke:php-nuke:7.3:*:*:*:*:*:*:*

OR cpe:/a:phpnuke:php-nuke:6.6:*:*:*:*:*:*:*

OR cpe:/a:phpnuke:php-nuke:6.9:*:*:*:*:*:*:*

Denotes that component is vulnerable