- Description
- PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "93B755A9-694E-49FA-9068-353203AF9965"
},
{
"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:5.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA0B88AD-CACF-4E48-A4B1-313FFE32D058"
}
],
"operator": "OR"
}
]
}
]