Vulnerability CVE-2006-6200 - CERT Civis.Net

Vulnerability Name:

CVE-2006-6200 (CCN-30525)

Assigned:

2006-11-24

Published:

2006-11-24

Updated:

2018-10-17

Summary:

Multiple SQL injection vulnerabilities in the (1) rate_article and (2) rate_complete functions in modules/News/index.php in the News module in Francisco Burzi PHP-Nuke 7.9 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the sid parameter.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Data Manipulation

References:

Source: CCN
Type: BugTraq Mailing List, Fri Nov 24 2006 - 02:13:13 CST
PHP-Nuke <= 7.9 News module "sid" SQL Injection vulnerabilities

Source: MITRE
Type: CNA
CVE-2006-6200

Source: CCN
Type: PHP-Nuke Web site
PHP-Nuke

Source: CCN
Type: SA23128
PHP-Nuke "modules/News/index.php" SQL Injection Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
23128

Source: SREASON
Type: UNKNOWN
1935

Source: CCN
Type: SECTRACK ID: 1017282
PHP-Nuke Input Validation Flaw in News Module in `sid` Parameter Lets Remote Users Inject SQL Commands

Source: SECTRACK
Type: Vendor Advisory
1017282

Source: MISC
Type: Patch
http://www.neosecurityteam.net/index.php?action=advisories&id=30

Source: CCN
Type: OSVDB ID: 30755
PHP-Nuke modules/News/index.php sid Parameter SQL Injection

Source: BUGTRAQ
Type: UNKNOWN
20061124 PHP-Nuke <= 7.9 News module "sid" SQL Injection vulnerabilities

Source: BID
Type: Exploit, Patch, Vendor Advisory
21277

Source: CCN
Type: BID-21277
PHP-Nuke News Module Index.PHP SQL Injection Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2006-4739

Source: XF
Type: UNKNOWN
news-index-sql-injection(30525)

Source: XF
Type: UNKNOWN
news-index-sql-injection(30525)

Vulnerable Configuration:

Configuration 1:

cpe:/a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*

OR cpe:/a:francisco_burzi:php-nuke:7.0_final:*:*:*:*:*:*:*

OR cpe:/a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*

OR cpe:/a:francisco_burzi:php-nuke:7.2:*:*:*:*:*:*:*

OR cpe:/a:francisco_burzi:php-nuke:7.3:*:*:*:*:*:*:*

OR cpe:/a:francisco_burzi:php-nuke:7.4:*:*:*:*:*:*:*

OR cpe:/a:francisco_burzi:php-nuke:7.5:*:*:*:*:*:*:*

OR cpe:/a:francisco_burzi:php-nuke:7.6:*:*:*:*:*:*:*

OR cpe:/a:francisco_burzi:php-nuke:7.7:*:*:*:*:*:*:*

OR cpe:/a:francisco_burzi:php-nuke:7.8:*:*:*:*:*:*:*

OR cpe:/a:francisco_burzi:php-nuke:7.8_patched_3.2:*:*:*:*:*:*:*

OR cpe:/a:francisco_burzi:php-nuke:7.9:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:phpnuke:php-nuke:7.0:*:*:*:*:*:*:*

OR cpe:/a:phpnuke:php-nuke:7.4:*:*:*:*:*:*:*

OR cpe:/a:phpnuke:php-nuke:7.6:*:*:*:*:*:*:*

OR cpe:/a:phpnuke:php-nuke:7.5:*:*:*:*:*:*:*

OR cpe:/a:phpnuke:php-nuke:7.8:*:*:*:*:*:*:*

OR cpe:/a:phpnuke:php-nuke:7.9:*:*:*:*:*:*:*

OR cpe:/a:phpnuke:php-nuke:7.7:*:*:*:*:*:*:*

OR cpe:/a:phpnuke:php-nuke:7.1:*:*:*:*:*:*:*

OR cpe:/a:phpnuke:php-nuke:7.2:*:*:*:*:*:*:*

OR cpe:/a:phpnuke:php-nuke:7.3:*:*:*:*:*:*:*

Denotes that component is vulnerable