CVE-2005-4715 — SQL Injection in Burzi Php-nuke

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 53.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Francisco Burzi Php-nuke

Timeline

PublishedDec 31

Latest updateMay 1

Description

Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) sid, and (3) pid parameters in a POST request, which bypasses security checks that are performed for GET requests.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDfrancisco_burzi/php-nuke7.8

Patches

Patch: phpnuke.org ↗Patch: secunia.com ↗Patch: www.nukefixes.com ↗

🔴Vulnerability Details

GHSA

GHSA-4grv-jw7c-q92p: Multiple SQL injection vulnerabilities in modules↗2022-05-01

▶

CVEList

CVE-2005-4715: Multiple SQL injection vulnerabilities in modules↗2006-02-13

▶