CVE-2008-7038 - OpenCVE

SQL injection vulnerability in the My_eGallery module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the gid parameter in a showgall action to modules.php. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Maxdev	My Egallery
Phpnuke	Php-nuke

Configuration 1 [-]

AND

cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*

cpe:2.3:a:maxdev:my_egallery:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/51021
http://www.securityfocus.com/archive/1/488916/100/100/threaded
http://www.securityfocus.com/bid/28030
https://exchange.xforce.ibmcloud.com/vulnerabilities/40910
https://www.exploit-db.com/exploits/5203
https://www.exploit-db.com/exploits/5242

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-08-24T10:00:00

Updated: 2024-08-07T11:49:02.997Z

Reserved: 2009-08-23T00:00:00

Link: CVE-2008-7038

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-08-24T10:30:01.890

Modified: 2018-10-11T20:58:06.893

Link: CVE-2008-7038

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-02-28T00:00:00", "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in the My_eGallery module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the gid parameter in a showgall action to modules.php. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "28030", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28030"}, {"name": "20080228 PHP-Nuke My_eGallery \"gid\" Remote SQL Injection", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/488916/100/100/threaded"}, {"name": "myegallery-gid-sql-injection(40910)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40910"}, {"name": "5203", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/5203"}, {"name": "5242", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/5242"}, {"name": "51021", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/51021"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-7038", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SQL injection vulnerability in the My_eGallery module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the gid parameter in a showgall action to modules.php. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "28030", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28030"}, {"name": "20080228 PHP-Nuke My_eGallery \"gid\" Remote SQL Injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/488916/100/100/threaded"}, {"name": "myegallery-gid-sql-injection(40910)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40910"}, {"name": "5203", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/5203"}, {"name": "5242", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/5242"}, {"name": "51021", "refsource": "OSVDB", "url": "http://osvdb.org/51021"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:49:02.997Z"}, "title": "CVE Program Container", "references": [{"name": "28030", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28030"}, {"name": "20080228 PHP-Nuke My_eGallery \"gid\" Remote SQL Injection", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/488916/100/100/threaded"}, {"name": "myegallery-gid-sql-injection(40910)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40910"}, {"name": "5203", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/5203"}, {"name": "5242", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/5242"}, {"name": "51021", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/51021"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-7038", "datePublished": "2009-08-24T10:00:00", "dateReserved": "2009-08-23T00:00:00", "dateUpdated": "2024-08-07T11:49:02.997Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C438592-FF60-49D4-A15D-D1C08BCCCBAA", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:maxdev:my_egallery:-:*:*:*:*:*:*:*", "matchCriteriaId": "1943F997-8B2F-49C9-B6E9-6E5331309853", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in the My_eGallery module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the gid parameter in a showgall action to modules.php. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en el m\u00f3dulo My_eGallery para PHP-Nuke, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro gid en una acci\u00f3n showgall sobre modules.php. Nota: este asunto fue revelado por un investigador poco fiable, por lo que la informaci\u00f3n podr\u00eda ser incorrecta."}], "id": "CVE-2008-7038", "lastModified": "2018-10-11T20:58:06.893", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-08-24T10:30:01.890", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://osvdb.org/51021"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/488916/100/100/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/28030"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40910"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/5203"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/5242"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}