Vulnerabilities > CVE-2003-1210 - Downloads Module SQL Injection vulnerability in PHP-Nuke

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

francisco-burzi

exploit available

NVD

Published: 2003-12-31

Updated: 2017-07-11

Summary

Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function.

Vulnerable Configurations

Part	Description	Count
Application	Francisco_Burzi Francisco Burzi PHP Nuke * Francisco Burzi PHP Nuke 6.5_Beta1 Francisco Burzi PHP Nuke 6.5_Final Francisco Burzi PHP Nuke 6.5_Rc1 Francisco Burzi PHP Nuke 6.5_Rc2 Francisco Burzi PHP Nuke 6.5_Rc3	6

Exploit-Db

description	PHP-Nuke 6.5 Multiple Downloads Module SQL Injection Vulnerabilities. CVE-2003-1210. Webapps exploit for php platform
id	EDB-ID:22597
last seen	2016-02-02
modified	2003-05-13
published	2003-05-13
reporter	Albert Puigsech Galicia
source	https://www.exploit-db.com/download/22597/
title	PHP-Nuke 6.5 - Multiple Downloads Module SQL Injection Vulnerabilities

Summary

Vulnerable Configurations

Exploit-Db

References