CVE-2003-0279 - Vulnerability Details - OpenCVE

Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.0002.

Key SSVC decision points have not yet been added.

Vendors	Products
Francisco Burzi	Php-nuke

Configuration 1 [-]

OR	cpe:2.3:a:francisco_burzi:php-nuke:5.0:::::::*
	cpe:2.3:a:francisco_burzi:php-nuke:6.0:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2003-0274	Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.html
http://marc.info/?l=bugtraq&m=105276019312980&w=2
http://www.securityfocus.com/bid/7558
http://www.securityfocus.com/bid/7588
https://exchange.xforce.ibmcloud.com/vulnerabilities/11984

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2003-05-14T04:00:00

Updated: 2024-08-08T01:50:47.417Z

Reserved: 2003-05-12T00:00:00

Link: CVE-2003-0279

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2003-06-16T04:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2003-0279

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2003-05-12T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20030512 Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=105276019312980&w=2"}, {"name": "7588", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/7588"}, {"name": "7558", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/7558"}, {"name": "20030513 More and More SQL injection on PHP-Nuke 6.5.", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.html"}, {"name": "phpnuke-web-sql-injection(11984)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11984"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0279", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20030512 Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=105276019312980&w=2"}, {"name": "7588", "refsource": "BID", "url": "http://www.securityfocus.com/bid/7588"}, {"name": "7558", "refsource": "BID", "url": "http://www.securityfocus.com/bid/7558"}, {"name": "20030513 More and More SQL injection on PHP-Nuke 6.5.", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.html"}, {"name": "phpnuke-web-sql-injection(11984)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11984"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T01:50:47.417Z"}, "title": "CVE Program Container", "references": [{"name": "20030512 Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=105276019312980&w=2"}, {"name": "7588", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/7588"}, {"name": "7558", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/7558"}, {"name": "20030513 More and More SQL injection on PHP-Nuke 6.5.", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.html"}, {"name": "phpnuke-web-sql-injection(11984)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11984"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0279", "datePublished": "2003-05-14T04:00:00", "dateReserved": "2003-05-12T00:00:00", "dateUpdated": "2024-08-08T01:50:47.417Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "93B755A9-694E-49FA-9068-353203AF9965", "vulnerable": true}, {"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "91CC84AB-0BA6-45BE-9DE8-7243FBF00EB8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en el m\u00f3dulo Web_Links para PHP-Nuke 5.x hasta 6.5 permite que atacantes remotos roben informaci\u00f3n mediante campos num\u00e9ricos, como se ha demostrado usando (1) la funci\u00f3n viewlink y el par\u00e1metro cid, o (2) index.php."}], "id": "CVE-2003-0279", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2003-06-16T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.html"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=105276019312980&w=2"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/7558"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/7588"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11984"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=105276019312980&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/7558"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/7588"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11984"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}