Vulnerabilities > CVE-2004-2000 - SQL Injection vulnerability in PHP-Nuke Modules.php
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
SQL injection vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL via the (1) orderby or (2) sid parameters to modules.php.
Vulnerable Configurations
Exploit-Db
description | PHP-Nuke Downloads Module 'sid' Parameter SQL Injection Vulnerability. CVE-2004-2000. Webapps exploit for php platform |
id | EDB-ID:31283 |
last seen | 2016-02-03 |
modified | 2008-02-21 |
published | 2008-02-21 |
reporter | S@BUN |
source | https://www.exploit-db.com/download/31283/ |
title | PHP-Nuke Downloads Module - 'sid' Parameter SQL Injection Vulnerability |
References
- http://marc.info/?l=bugtraq&m=108378804809891&w=2
- http://osvdb.org/52223
- http://secunia.com/advisories/11553
- http://www.securityfocus.com/archive/1/488452/100/0/threaded
- http://www.securityfocus.com/bid/10282
- http://www.securityfocus.com/bid/27932
- http://www.waraxe.us/index.php?modname=sa&id=27
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16074