Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-3304 — SQL Injection in Burzi Php-nuke

4 documents4 sources
Severity
7.5HIGHNVD
EPSS
3.6%
top 12.23%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Francisco Burzi Php-nuke
Timeline
PublishedOct 26
Latest updateMay 1

Description

Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the Web_Links module.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-p4qx-pmxg-37rx: Multiple SQL injection vulnerabilities in PHP-Nuke 7↗2022-05-01
â–¶
CVEList
CVE-2005-3304: Multiple SQL injection vulnerabilities in PHP-Nuke 7↗2005-10-25
â–¶

💥Exploits & PoCs

1
Exploit-DB
PHP-Nuke Downloads Module - 'url' SQL Injection↗2009-01-23
â–¶
CVE-2005-3304 — SQL Injection in Burzi Php-nuke | cvebase