Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-2032 — Burzi Php-nuke vulnerability

5 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.0%

top 91.00%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Francisco Burzi Php-nuke

Timeline

PublishedDec 31

Latest updateApr 30

Description

sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query information by setting the sql_debug parameter to (1) index.php and (2) modules.php.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDfrancisco_burzi/php-nuke14 versions+13

🔴Vulnerability Details

GHSA

GHSA-3j3x-mwxq-3rh3: sql_layer↗2022-04-30

▶

CVEList

CVE-2002-2032: sql_layer↗2005-07-14

▶

💥Exploits & PoCs

Exploit-DB

IBM Informix SE 7.25 sqlexec - Local Buffer Overflow (1)↗2002-05-30

▶

Exploit-DB

PHP-Nuke 4.x/5.x - SQL_Debug Information Disclosure↗2002-01-18

▶