CVE-2005-0996 — SQL Injection in Burzi Php-nuke

5 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.0%

top 98.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Francisco Burzi Php-nuke

Timeline

PublishedMay 2

Latest updateMay 1

Description

Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the email or url parameters in the Add function, (2) the min parameter in the viewsdownload function, or (3) the min parameter in the search function.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDfrancisco_burzi/php-nuke7.6

🔴Vulnerability Details

GHSA

GHSA-f265-j59f-f7vh: Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 7↗2022-05-01

▶

CVEList

CVE-2005-0996: Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 7↗2005-04-07

▶