CVE-2003-0279
published 2003-06-16CVE-2003-0279: Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric…
PriorityP415low2.6CVSS 2.0
AVNACHAuNCPINAN
EPSS
1.18%
63.9th percentile
Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| phpnuke | php-nuke | — | — |
| phpnuke | php-nuke | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9vqr-6495-qrxf: Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5
ghsa_unreviewed·2022-04-29
CVE-2003-0279 [LOW] GHSA-9vqr-6495-qrxf: Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5
Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php.
GHSA
GHSA-gh35-vjg8-m9xj: Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5
ghsa_unreviewed·2022-04-29·CVSS 2.6
CVE-2003-1340 [LOW] CWE-89 GHSA-gh35-vjg8-m9xj: Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5
Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.htmlhttp://marc.info/?l=bugtraq&m=105276019312980&w=2http://www.securityfocus.com/bid/7558http://www.securityfocus.com/bid/7588https://exchange.xforce.ibmcloud.com/vulnerabilities/11984http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.htmlhttp://marc.info/?l=bugtraq&m=105276019312980&w=2http://www.securityfocus.com/bid/7558http://www.securityfocus.com/bid/7588https://exchange.xforce.ibmcloud.com/vulnerabilities/11984
2003-06-16
Published