CVE-2007-0372 β€” SQL Injection in Burzi Php-nuke

35 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.2%
top 52.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Francisco Burzi Php-nuke
Timeline
PublishedJan 19
Latest updateMay 1

Description

Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 allow remote attackers to execute arbitrary SQL commands via (1) the active parameter in admin/modules/modules.php; the (2) ad_class, (3) imageurl, (4) clickurl, (5) ad_code, or (6) position parameter in modules/Advertising/admin/index.php; or unspecified vectors in the (7) advertising, (8) weblinks, or (9) reviews section.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

πŸ”΄Vulnerability Details

2
GHSA
GHSA-qgpx-f7vw-cf7q: Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7β†—2022-05-01
β–Ά
CVEList
CVE-2007-0372: Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7β†—2007-01-19
β–Ά

πŸ’₯Exploits & PoCs

1
Exploit-DB
Hancom Office 2007 - 'Reboot.ini' Clear-Text Passwords↗1999-02-09
β–Ά

πŸ”Detection Rules

31
Suricata
ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php position UPDATE↗2010-07-30
β–Ά
Suricata
ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php clickurl ASCII↗2010-07-30
β–Ά
Suricata
ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_class UPDATE↗2010-07-30
β–Ά
Suricata
ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php imageurl DELETE↗2010-07-30
β–Ά
Suricata
ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php imageurl UPDATE↗2010-07-30
β–Ά
CVE-2007-0372 β€” SQL Injection in Burzi Php-nuke | cvebase