CVE-2006-5525

Published Oct 26, 2006

Last updated 7 years ago

CVSS info 5.1

Overview

Description: Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via (1) "/**/UNION " or (2) " UNION/**/" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a search action in the Encyclopedia module in modules.php.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 5.1
Impact score: 6.4
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:phpnuke:php-nuke:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5BC56275-9F65-43B6-A091-68FB42968C2C",
            "versionEndIncluding": "7.9"
          },
          {
            "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5E8572B-43BE-4068-929F-2B6FAA9EF959"
          },
          {
            "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8882C59-6721-4925-8EB6-1C54455BD03B"
          },
          {
            "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C6F6110-F77B-42CE-BAD0-0AEAFC04E982"
          },
          {
            "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "017A5AD3-CD1C-41E0-B53D-3881C31F7463"
          },
          {
            "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68BA9153-537A-4CC5-A3E8-DE4FCF49EB52"
          },
          {
            "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7481433-4DFA-4D32-BA93-FBEAC37D8D67"
          },
          {
            "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85535C0D-C858-4AF8-8350-EFBF74609CBB"
          },
          {
            "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CC4F979-7F10-4F0D-96AD-5EE88E437897"
          },
          {
            "criteria": "cpe:2.3:a:phpnuke:php-nuke:7.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A3B4A35-6019-468E-89FA-BC2EEADB7D31"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References