CVE-2004-0269
Published 2004-11-23
Priority P3 · 38 · medium · 6.4 CVSS 2.0
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
EXPLOIT
EPSS: 8.09% (94.1th percentile)
SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module.
Affected
26 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| francisco_burzi | php-nuke | — | — |
No detection rules found.
Exploit-DB
PHP-Nuke 6.x - 'Category' SQL Injection
exploitdb·2003-12-23
---
source: https://www.securityfocus.com/bid/9630/info
It has been reported that PHPNuke may be prone to a SQL injection vulnerability due to insufficient sanitization of user-supplied input. The problem is reported to exist in the $category variable contained within the 'index.php' page.
PHPNuke versions 6.9 and prior have been reported to be prone to this issue; however, other versions may be affected as well.
#!/usr/bin/php -q
PHPnuke 6.x and 5.x fetch author hash by pokleyzz
# 27th December 2003 : 4:54 a.m
#
# bug found by pokleyzz (11th December 2003 ) for HITB 2003 security conference
# (Shame on You!!)
#
# Requirement:
# PHP 4.x with curl extension;
#
# Greet:
# tynon, sk ,wanvadder, sir_flyguy, wxyz , tenukboncit, kerengga_kurus ,
# s0cket3
Exploit-DB
PHP-Nuke 5.x/6.x Web_Links Module - SQL Injection
exploitdb·2003-05-12
---
source: https://www.securityfocus.com/bid/7558/info
It has been reported that multiple input validation bugs exist in the Web_Links module used by PHPNuke. Because of this, a remote user may be able to access the database and potentially gain access to sensitive information. Successful exploitation could result in compromise of the web forums or more severe consequences.
http://www.example.com/modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink&cid=2%20
where represents attacker-supplied SQL code.
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=107643348117646&w=2
http://www.scan-associates.net/papers/phpnuke69.txt
http://www.securityfocus.com/bid/9630
https://exchange.xforce.ibmcloud.com/vulnerabilities/15115
Published: 2004-11-23