CVE-2004-1999Path Equivalence: '//multiple/leading/slash' in Burzi Php-nuke

CWE-50Path Equivalence: '//multiple/leading/slash'12 documents8 sources
Severity
4.3MEDIUMNVD
EPSS
0.9%
top 24.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Francisco Burzi Php-nuke
Timeline
PublishedMay 5
Latest updateApr 29

Description

Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to inject arbitrary HTML and web script via the (1) ttitle or (2) sid parameters to modules.php.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDfrancisco_burzi/php-nuke9 versions+8

🔴Vulnerability Details

2
GHSA
GHSA-9crw-h8v9-v2xf: Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 62022-04-29
CVEList
CVE-2004-1999: Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 62005-05-10

💥Exploits & PoCs

3
Exploit-DB
samPHPweb 4.2.2 - 'songinfo.php' SQL Injection2008-01-05
Exploit-DB
samPHPweb 4.2.2 - 'db.php' Remote File Inclusion2008-01-04
Exploit-DB
Internet Security Systems BlackICE PC Protection 3.6 - Firewall.INI Local Buffer Overrun2004-08-11

📋Vendor Advisories

1
Red Hat
CVE-2004-0603: gzexe in gzip 1

📐Framework References

1
CWE
Path Equivalence: '//multiple/leading/slash'
CVE-2004-1999 — Francisco Burzi Php-nuke vulnerability | cvebase