CVE-2003-0279

Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.html
http://marc.info/?l=bugtraq&m=105276019312980&w=2
http://www.securityfocus.com/bid/7558
http://www.securityfocus.com/bid/7588
https://exchange.xforce.ibmcloud.com/vulnerabilities/11984

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:francisco_burzi:php-nuke:5.0:::::::*
	cpe:2.3:a:francisco_burzi:php-nuke:6.0:::::::*

History

No history.

Information

Published : 2003-06-16 04:00

Updated : 2023-12-10 10:17

NVD link : CVE-2003-0279

Mitre link : CVE-2003-0279

CVE.ORG link : CVE-2003-0279

JSON object : View

Products Affected

francisco_burzi

php-nuke

CWE

NVD-CWE-Other

{"id": "CVE-2003-0279", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2003-06-16T04:00:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.html", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=105276019312980&w=2", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/7558", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/7588", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11984", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en el m\u00f3dulo Web_Links para PHP-Nuke 5.x hasta 6.5 permite que atacantes remotos roben informaci\u00f3n mediante campos num\u00e9ricos, como se ha demostrado usando (1) la funci\u00f3n viewlink y el par\u00e1metro cid, o (2) index.php."}], "lastModified": "2017-07-11T01:29:30.477", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93B755A9-694E-49FA-9068-353203AF9965"}, {"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91CC84AB-0BA6-45BE-9DE8-7243FBF00EB8"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}