CVE-2004-2354Cross-site Scripting in Burzi Php-nuke

3 documents3 sources
Severity
6.8MEDIUMNVD
EPSS
0.0%
top 88.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Francisco Burzi Php-nukeWarpspeed 4nguestbook
Timeline
PublishedDec 31
Latest updateApr 29

Description

SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 through 6.9 allows remote attackers to modify SQL statements via the entry parameter to modules.php, which can also facilitate cross-site scripting (XSS) attacks when MySQL errors are triggered.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

NVDfrancisco_burzi/php-nuke9 versions+8

🔴Vulnerability Details

2
GHSA
GHSA-r496-rh9q-6768: SQL injection vulnerability in 4nGuestbook 02022-04-29
CVEList
CVE-2004-2354: SQL injection vulnerability in 4nGuestbook 02005-08-16
CVE-2004-2354 — Cross-site Scripting in Burzi Php-nuke | cvebase