Sign-up

ID

VAR-200801-0029


CVE

CVE-2008-0461


TITLE

PHP-Nuke of Search Module index.php In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2008-002659

DESCRIPTION

SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. NOTE: some of these details are obtained from third party information. PHP-Nuke is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. Successful exploits could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: PHP-Nuke "modules/Search/index.php" SQL Injection SECUNIA ADVISORY ID: SA28624 VERIFY ADVISORY: http://secunia.com/advisories/28624/ CRITICAL: Moderately critical IMPACT: Manipulation of data, Exposure of sensitive information WHERE: >From remote SOFTWARE: PHP-Nuke 8.x http://secunia.com/product/13524/ DESCRIPTION: Foster & 1dt.w0lf have discovered a vulnerability in PHP-Nuke, which can be exploited by malicious people to conduct SQL injection attacks. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation allows e.g. retrieving the administrator password hash, but requires that "magic_quotes_gpc" is disabled - not the value recommended by the installer - and having knowledge of the database table prefix. The vulnerability is confirmed in version 8.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. Set "magic_quotes_gpc" in php.ini to On. Use another product. PROVIDED AND/OR DISCOVERED BY: Foster & 1dt.w0lf ORIGINAL ADVISORY: http://milw0rm.com/exploits/4965 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2008-0461 // JVNDB: JVNDB-2008-002659 // BID: 27408 // VULHUB: VHN-30586 // PACKETSTORM: 62907

AFFECTED PRODUCTS

vendor:francisco burzimodel:php-nukescope:lteversion:8.0_final

Trust: 1.0

vendor:francisco burzimodel:php-nukescope:lteversion:8.0 final

Trust: 0.8

vendor:francisco burzimodel:php-nukescope:eqversion:8.0_final

Trust: 0.6

vendor:franciscomodel:burzi php-nukescope:eqversion:7.9

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:7.8

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:7.7

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:7.6

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:7.3

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:7.2

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:7.1

Trust: 0.3

vendor:franciscomodel:burzi php-nuke finalscope:eqversion:7.0

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:7.0

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:6.9

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:6.7

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:6.6

Trust: 0.3

vendor:franciscomodel:burzi php-nuke rc3scope:eqversion:6.5

Trust: 0.3

vendor:franciscomodel:burzi php-nuke rc2scope:eqversion:6.5

Trust: 0.3

vendor:franciscomodel:burzi php-nuke rc1scope:eqversion:6.5

Trust: 0.3

vendor:franciscomodel:burzi php-nuke finalscope:eqversion:6.5

Trust: 0.3

vendor:franciscomodel:burzi php-nuke betascope:eqversion:6.51

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:6.5

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:6.0

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:5.6

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:5.5

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:5.4

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:5.3.1

Trust: 0.3

vendor:franciscomodel:burzi php-nuke ascope:eqversion:5.2

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:5.2

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:5.1

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:5.0.1

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:5.0

Trust: 0.3

vendor:franciscomodel:burzi php-nuke ascope:eqversion:4.4.1

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:4.4

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:4.3

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:4.0

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:3.0

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:2.5

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:1.0

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:0.726-3

Trust: 0.3

vendor:franciscomodel:burzi php-nuke -rc3scope:eqversion:0.75

Trust: 0.3

vendor:franciscomodel:burzi php-nuke finalscope:eqversion:8.0

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:8.0

Trust: 0.3

sources: BID: 27408 // JVNDB: JVNDB-2008-002659 // CNNVD: CNNVD-200801-399 // NVD: CVE-2008-0461

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-0461
value: MEDIUM

Trust: 1.0

NVD: CVE-2008-0461
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200801-399
value: MEDIUM

Trust: 0.6

VULHUB: VHN-30586
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2008-0461
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-30586
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-30586 // JVNDB: JVNDB-2008-002659 // CNNVD: CNNVD-200801-399 // NVD: CVE-2008-0461

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-30586 // JVNDB: JVNDB-2008-002659 // NVD: CVE-2008-0461

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200801-399

TYPE

sql injection

Trust: 0.7

sources: PACKETSTORM: 62907 // CNNVD: CNNVD-200801-399

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-002659

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-30586

PATCH
title:Top Pageurl:http://phpnuke.org/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-002659

EXTERNAL IDS
db:NVDid:CVE-2008-0461
Trust: 2.8
db:BIDid:27408
Trust: 2.0
db:SECUNIAid:28624
Trust: 1.9
db:EXPLOIT-DBid:4965
Trust: 1.8
db:VUPENid:ADV-2008-0264
Trust: 1.7
db:JVNDBid:JVNDB-2008-002659
Trust: 0.8
db:CNNVDid:CNNVD-200801-399
Trust: 0.7
db:XFid:39850
Trust: 0.6
db:MILW0RMid:4965
Trust: 0.6
db:SEEBUGid:SSVID-65150
Trust: 0.1
db:VULHUBid:VHN-30586
Trust: 0.1
db:PACKETSTORMid:62907
Trust: 0.1
sources:
            
            
            VULHUB: VHN-30586 // 
            
            
            
            BID: 27408 // 
            
            
            
            JVNDB: JVNDB-2008-002659 // 
            
            
            
            PACKETSTORM: 62907 // 
            
            
            
            CNNVD: CNNVD-200801-399 // 
            
            
            
            NVD: CVE-2008-0461

REFERENCES
url:http://www.securityfocus.com/bid/27408
Trust: 1.7
url:http://secunia.com/advisories/28624
Trust: 1.7
url:https://www.exploit-db.com/exploits/4965
Trust: 1.1
url:http://www.vupen.com/english/advisories/2008/0264
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/39850
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0461
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-0461
Trust: 0.8
url:http://www.milw0rm.com/exploits/4965
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2008/0264
Trust: 0.6
url:http://xforce.iss.net/xforce/xfdb/39850
Trust: 0.6
url:http://phpnuke.org   
Trust: 0.3
url:http://milw0rm.com/exploits/4965
Trust: 0.1
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:https://psi.secunia.com/?page=changelog
Trust: 0.1
url:https://psi.secunia.com/
Trust: 0.1
url:http://secunia.com/product/13524/
Trust: 0.1
url:http://secunia.com/advisories/28624/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-30586 // 
            
            
            
            BID: 27408 // 
            
            
            
            JVNDB: JVNDB-2008-002659 // 
            
            
            
            PACKETSTORM: 62907 // 
            
            
            
            CNNVD: CNNVD-200801-399 // 
            
            
            
            NVD: CVE-2008-0461

CREDITS
Foster & 1dt.w0lf
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200801-399

SOURCES
db:VULHUBid:VHN-30586
db:BIDid:27408
db:JVNDBid:JVNDB-2008-002659
db:PACKETSTORMid:62907
db:CNNVDid:CNNVD-200801-399
db:NVDid:CVE-2008-0461

LAST UPDATE DATE
2025-04-10T23:05:28.833000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-30586date:2017-09-29T00:00:00
db:BIDid:27408date:2015-05-07T17:33:00
db:JVNDBid:JVNDB-2008-002659date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200801-399date:2008-09-05T00:00:00
db:NVDid:CVE-2008-0461date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-30586date:2008-01-25T00:00:00
db:BIDid:27408date:2008-01-22T00:00:00
db:JVNDBid:JVNDB-2008-002659date:2012-06-26T00:00:00
db:PACKETSTORMid:62907date:2008-01-24T03:55:21
db:CNNVDid:CNNVD-200801-399date:2008-01-25T00:00:00
db:NVDid:CVE-2008-0461date:2008-01-25T16:00:00