Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-0997SQL Injection in Burzi Php-nuke

4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.0%
top 95.27%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Francisco Burzi Php-nuke
Timeline
PublishedMay 2
Latest updateMay 1

Description

Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the email or url parameters in the Add function, (2) the url parameter in the modifylinkrequestS function, (3) the orderby or min parameters in the viewlink function, (4) the orderby, min, or show parameters in the search function, or (5) the ratenum parameter in the MostPopular function.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-q935-4jgf-7m78: Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 72022-05-01
CVEList
CVE-2005-0997: Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 72005-04-07

💥Exploits & PoCs

1
Exploit-DB
PHP-Nuke 7.6 Web_Links Module - Multiple SQL Injections2005-04-07
CVE-2005-0997 — SQL Injection in Burzi Php-nuke | cvebase