CVE-2004-0738

Properties

Published:
26.07.2004
Updated:
20.10.2005
Patch available:
Severity:
High
CVSS vector:
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N) Approximated
Product:
Francisco Burzi: PHP-Nuke

Vulnerability description

Multiple SQL injection vulnerabilities in the Search module in Php-Nuke allow remote attackers to execute arbitrary SQL via the (1) min or (2) categ parameters.

References:

Bugtraq: http://marc.theaimsgroup.com/?l=bugtraq&m=109026609504767&w=2
ISS X-Force: http://xforce.iss.net/xforce/xfdb/16737
BUGTRAQ: http://marc.theaimsgroup.com/?l=bugtraq&m=109026609504767&w=2