Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-2297 — Burzi Php-nuke vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.4%

top 42.33%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Francisco Burzi Php-nuke

Timeline

PublishedDec 31

Latest updateApr 29

Description

The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large, out-of-range score parameter.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDfrancisco_burzi/php-nuke15 versions+14

🔴Vulnerability Details

GHSA

GHSA-f86m-qh2c-23m2: The Reviews module in PHP-Nuke 6↗2022-04-29

▶

CVEList

CVE-2004-2297: The Reviews module in PHP-Nuke 6↗2005-08-04

▶

💥Exploits & PoCs

Exploit-DB

PHP-Nuke 6.x/7.x - Multiple Input Validation Vulnerabilities↗2004-06-11

▶