Details of VAR-200709-0071

ID

VAR-200709-0071

CVE

CVE-2007-5032

TITLE

Francisco Burzi PHP-Nuke of admin.php Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2007-002669

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in admin.php in Francisco Burzi PHP-Nuke allows remote attackers to add administrative accounts via an AddAuthor action with modified add_name and add_radminsuper parameters. PHP-Nuke is prone to a cross-site request forgery vulnerability. A remote attacker can use the AddAuthor operation to modify the add_name and add_radminsuper parameters to increase the administrator account

Trust: 1.98

sources: NVD: CVE-2007-5032 // JVNDB: JVNDB-2007-002669 // BID: 85349 // VULHUB: VHN-28394

AFFECTED PRODUCTS

vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	5.3.1	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	2.5	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	6.5_beta1	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	7.1	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	4.0.4	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	5.0.1	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	1.0	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	7.4	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	7.9	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	7.7	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	5.4	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	6.5_rc3	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	7.8	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	7.3	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	6.0	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	5.2a	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	4.3	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	3.0	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	6.5	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	6.7	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	7.2	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	6.5_rc2	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	7.5	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	4.4.1a	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	5.2	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	5.5	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	4.4	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	7.8_patched_3.2	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	4.0	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	8.0_final	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	6.9	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	7.0_final	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	6.6	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	6.5_rc1	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	6.5_final	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	5.6	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	5.1	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	5.0	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	6.8	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	7.0	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	lte	version:	7.6	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	-	version:	-	Trust: 0.8
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.7	Trust: 0.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.2	Trust: 0.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.4	Trust: 0.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.3	Trust: 0.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	8.0_final	Trust: 0.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.6	Trust: 0.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.5	Trust: 0.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.8_patched_3.2	Trust: 0.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.8	Trust: 0.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.9	Trust: 0.6
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	5.3.1	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke a	scope:	eq	version:	4.4.1	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke final	scope:	eq	version:	8.0	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	7.9	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke patched	scope:	eq	version:	7.83.2	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	7.8	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	7.7	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	7.6	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	7.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	7.4	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	7.3	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	7.2	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	7.1	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke final	scope:	eq	version:	7.0	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	7.0	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.9	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.8	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.7	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.6	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke rc3	scope:	eq	version:	6.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke rc2	scope:	eq	version:	6.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke rc1	scope:	eq	version:	6.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke final	scope:	eq	version:	6.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke beta1	scope:	eq	version:	6.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.0	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	5.6	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	5.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	5.4	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke 5.2a	scope:	-	version:	-	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	5.2	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	5.1	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	5.0	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	4.4	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	4.3	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	4.0.4	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	4.0	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	3.0	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	2.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	1.0	Trust: 0.3

sources: BID: 85349 // JVNDB: JVNDB-2007-002669 // CNNVD: CNNVD-200709-316 // NVD: CVE-2007-5032

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-5032
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2007-5032
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200709-316
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-28394
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2007-5032
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-28394
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-28394 // JVNDB: JVNDB-2007-002669 // CNNVD: CNNVD-200709-316 // NVD: CVE-2007-5032

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-28394 // JVNDB: JVNDB-2007-002669 // NVD: CVE-2007-5032

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200709-316

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-200709-316

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002669

PATCH

title:

Top Page

url:

http://phpnuke.org/

Trust: 0.8

sources: JVNDB: JVNDB-2007-002669

EXTERNAL IDS

db:	NVD	id:	CVE-2007-5032	Trust: 2.8
db:	SREASON	id:	3157	Trust: 2.0
db:	OSVDB	id:	42521	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-002669	Trust: 0.8
db:	BUGTRAQ	id:	20070920 PHP-NUKE ADD ADMIN ALL VERSIONS	Trust: 0.6
db:	CNNVD	id:	CNNVD-200709-316	Trust: 0.6
db:	BID	id:	85349	Trust: 0.4
db:	VULHUB	id:	VHN-28394	Trust: 0.1

sources: VULHUB: VHN-28394 // BID: 85349 // JVNDB: JVNDB-2007-002669 // CNNVD: CNNVD-200709-316 // NVD: CVE-2007-5032

REFERENCES

url:	http://securityreason.com/securityalert/3157	Trust: 2.0
url:	http://osvdb.org/42521	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/480107/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/archive/1/480107/100/0/threaded	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5032	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5032	Trust: 0.8

sources: VULHUB: VHN-28394 // BID: 85349 // JVNDB: JVNDB-2007-002669 // CNNVD: CNNVD-200709-316 // NVD: CVE-2007-5032

CREDITS

Unknown

Trust: 0.3

sources: BID: 85349

SOURCES

db:	VULHUB	id:	VHN-28394
db:	BID	id:	85349
db:	JVNDB	id:	JVNDB-2007-002669
db:	CNNVD	id:	CNNVD-200709-316
db:	NVD	id:	CVE-2007-5032

LAST UPDATE DATE

2025-04-10T23:16:44.379000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-28394	date:	2018-10-15T00:00:00
db:	BID	id:	85349	date:	2007-09-21T00:00:00
db:	JVNDB	id:	JVNDB-2007-002669	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200709-316	date:	2007-09-26T00:00:00
db:	NVD	id:	CVE-2007-5032	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-28394	date:	2007-09-21T00:00:00
db:	BID	id:	85349	date:	2007-09-21T00:00:00
db:	JVNDB	id:	JVNDB-2007-002669	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200709-316	date:	2007-09-21T00:00:00
db:	NVD	id:	CVE-2007-5032	date:	2007-09-21T19:17:00