Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-1210 — SQL Injection in Burzi Php-nuke

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.0%

top 89.93%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Francisco Burzi Php-nuke

Timeline

PublishedDec 31

Latest updateApr 29

Description

Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDfrancisco_burzi/php-nuke6.5+5

🔴Vulnerability Details

GHSA

GHSA-cf94-g7fg-mcxq: Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5↗2022-04-29

▶

CVEList

CVE-2003-1210: Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5↗2005-05-19

▶

💥Exploits & PoCs

Exploit-DB

PHP-Nuke 6.5 (Multiple Downloads Module) - SQL Injection↗2003-05-13

▶