Vulnerability Details CVE-2004-2000
SQL injection vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL via the (1) orderby or (2) sid parameters to modules.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.028
EPSS Ranking 85.6%
CVSS Severity
CVSS v2 Score 7.5
References
- http://marc.info/?l=bugtraq&m=108378804809891&w=2
- http://osvdb.org/52223
- http://secunia.com/advisories/11553
- http://www.securityfocus.com/archive/1/488452/100/0/threaded
- http://www.securityfocus.com/bid/10282
- http://www.securityfocus.com/bid/27932
- http://www.waraxe.us/index.php?modname=sa&id=27
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16074
- http://marc.info/?l=bugtraq&m=108378804809891&w=2
- http://osvdb.org/52223
- http://secunia.com/advisories/11553
- http://www.securityfocus.com/archive/1/488452/100/0/threaded
- http://www.securityfocus.com/bid/10282
- http://www.securityfocus.com/bid/27932
- http://www.waraxe.us/index.php?modname=sa&id=27
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16074
Products affected by CVE-2004-2000
-
cpe:2.3:a:francisco_burzi:php-nuke:6.0
-
cpe:2.3:a:francisco_burzi:php-nuke:6.5
-
cpe:2.3:a:francisco_burzi:php-nuke:6.5_beta1
-
cpe:2.3:a:francisco_burzi:php-nuke:6.5_final
-
cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc1
-
cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc2
-
cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc3
-
cpe:2.3:a:francisco_burzi:php-nuke:6.6
-
cpe:2.3:a:francisco_burzi:php-nuke:6.7
-
cpe:2.3:a:francisco_burzi:php-nuke:6.9
-
cpe:2.3:a:francisco_burzi:php-nuke:7.0
-
cpe:2.3:a:francisco_burzi:php-nuke:7.0_final
-
cpe:2.3:a:francisco_burzi:php-nuke:7.1
-
cpe:2.3:a:francisco_burzi:php-nuke:7.2