Vulnerability Details CVE-2004-2354
SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 through 6.9 allows remote attackers to modify SQL statements via the entry parameter to modules.php, which can also facilitate cross-site scripting (XSS) attacks when MySQL errors are triggered.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.5%
CVSS Severity
CVSS v2 Score 6.8
References
Products affected by CVE-2004-2354
-
cpe:2.3:a:francisco_burzi:php-nuke:6.5
-
cpe:2.3:a:francisco_burzi:php-nuke:6.5_beta1
-
cpe:2.3:a:francisco_burzi:php-nuke:6.5_final
-
cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc1
-
cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc2
-
cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc3
-
cpe:2.3:a:francisco_burzi:php-nuke:6.6
-
cpe:2.3:a:francisco_burzi:php-nuke:6.7
-
cpe:2.3:a:francisco_burzi:php-nuke:6.9
-
cpe:2.3:a:warpspeed:4nguestbook:0.92