Moderate

CVE-2004-0269 - Unspecified vulnerability in Francisco Burzi PHP-Nuke

Publication: 2004-11-23
Summary

SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module.

Risk level (CVSS 6.4)

Moderate

6.4

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Francisco Burzi PHP-nuke 1.0
  • Francisco Burzi PHP-nuke 2.5
  • Francisco Burzi PHP-nuke 3.0
  • Francisco Burzi PHP-nuke 4.0
  • Francisco Burzi PHP-nuke 4.3
  • Francisco Burzi PHP-nuke 4.4
  • Francisco Burzi PHP-nuke 5.0
  • Francisco Burzi PHP-nuke 5.0.1
  • Francisco Burzi PHP-nuke 5.1
  • Francisco Burzi PHP-nuke 5.2
  • Francisco Burzi PHP-nuke 5.3.1
  • Francisco Burzi PHP-nuke 5.2a
  • Francisco Burzi PHP-nuke 5.4
  • Francisco Burzi PHP-nuke 4.4.1a
  • Francisco Burzi PHP-nuke 6.5_rc3
  • Francisco Burzi PHP-nuke 6.5_rc2
  • Francisco Burzi PHP-nuke 6.5_rc1
  • Francisco Burzi PHP-nuke 6.5_final
  • Francisco Burzi PHP-nuke 6.5_beta1
  • Francisco Burzi PHP-nuke 5.5
  • Francisco Burzi PHP-nuke 5.6
  • Francisco Burzi PHP-nuke 6.0
  • Francisco Burzi PHP-nuke 6.5
  • Francisco Burzi PHP-nuke 6.6
  • Francisco Burzi PHP-nuke 6.7
  • Francisco Burzi PHP-nuke 6.9