Vulnerabilities > CVE-2005-0999 - Unspecified vulnerability in Francisco Burzi PHP-Nuke

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

francisco-burzi

exploit available

NVD

Published: 2005-05-02

Updated: 2016-10-18

Summary

SQL injection vulnerability in the Top module for PHP-Nuke 6.x through 7.6 allows remote attackers to execute arbitrary SQL commands via the querylang parameter.

Vulnerable Configurations

Part	Description	Count
Application	Francisco_Burzi Francisco Burzi PHP Nuke 6.0 Francisco Burzi PHP Nuke 6.5 Francisco Burzi PHP Nuke 6.5_Beta1 Francisco Burzi PHP Nuke 6.5_Final Francisco Burzi PHP Nuke 6.5_Rc1 Francisco Burzi PHP Nuke 6.5_Rc2 Francisco Burzi PHP Nuke 6.5_Rc3 Francisco Burzi PHP Nuke 6.6 Francisco Burzi PHP Nuke 6.7 Francisco Burzi PHP Nuke 6.9 Francisco Burzi PHP Nuke 7.0 Francisco Burzi PHP Nuke 7.0_Final Francisco Burzi PHP Nuke 7.1 Francisco Burzi PHP Nuke 7.2 Francisco Burzi PHP Nuke 7.3 Francisco Burzi PHP Nuke 7.4 Francisco Burzi PHP Nuke 7.5 Francisco Burzi PHP Nuke 7.6	18

Exploit-Db

description	PHP-Nuke 6.x - 7.6 Top module Remote Sql Injection Exploit (working). CVE-2005-0999. Webapps exploit for php platform
id	EDB-ID:921
last seen	2016-01-31
modified	2005-04-07
published	2005-04-07
reporter	Fabrizi Andrea
source	https://www.exploit-db.com/download/921/
title	PHP-Nuke 6.x - 7.6 Top module Remote SQL Injection Exploit working

Summary

Vulnerable Configurations

Exploit-Db

References