var-200212-0099
Vulnerability from variot
sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query information by setting the sql_debug parameter to (1) index.php and (2) modules.php. PHPNuke is a website creation/maintenance tool. It is can be back-ended by a number of database products such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. Access to the debugging feature is not restricted to administrators. This may be used by a remote attacker to disclose sensitive information about the database which may contribute to further attacks against the website running PHPNuke and the database. It is not known whether PostNuke is also affected by this issue
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200212-0099",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.6,
"vendor": "francisco burzi",
"version": "4.4"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.6,
"vendor": "francisco burzi",
"version": "5.1"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.6,
"vendor": "francisco burzi",
"version": "4.4.1a"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.6,
"vendor": "francisco burzi",
"version": "5.0"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.6,
"vendor": "francisco burzi",
"version": "5.0.1"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.6,
"vendor": "francisco burzi",
"version": "4.0"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.6,
"vendor": "francisco burzi",
"version": "3.0"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.6,
"vendor": "francisco burzi",
"version": "4.3"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.6,
"vendor": "francisco burzi",
"version": "2.5"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.6,
"vendor": "francisco burzi",
"version": "1.0"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.0,
"vendor": "francisco burzi",
"version": "5.4"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.0,
"vendor": "francisco burzi",
"version": "5.2a"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.0,
"vendor": "francisco burzi",
"version": "5.3.1"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.0,
"vendor": "francisco burzi",
"version": "5.2"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.4"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.3.1"
},
{
"model": "burzi php-nuke a",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.2"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.2"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.1"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.0.1"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.0"
},
{
"model": "burzi php-nuke a",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "4.4.1"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "4.4"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "4.3"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "4.0"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "3.0"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "2.5"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "1.0"
}
],
"sources": [
{
"db": "BID",
"id": "3906"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-243"
},
{
"db": "NVD",
"id": "CVE-2002-2032"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cabezon Aurelien\u203b aurelien.cabezon@isecurelabs.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-243"
}
],
"trust": 0.6
},
"cve": "CVE-2002-2032",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2002-2032",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-6415",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-2032",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200212-243",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-6415",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6415"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-243"
},
{
"db": "NVD",
"id": "CVE-2002-2032"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query information by setting the sql_debug parameter to (1) index.php and (2) modules.php. PHPNuke is a website creation/maintenance tool. It is can be back-ended by a number of database products such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. Access to the debugging feature is not restricted to administrators. \nThis may be used by a remote attacker to disclose sensitive information about the database which may contribute to further attacks against the website running PHPNuke and the database. \nIt is not known whether PostNuke is also affected by this issue",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-2032"
},
{
"db": "BID",
"id": "3906"
},
{
"db": "VULHUB",
"id": "VHN-6415"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-6415",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6415"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "3906",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2002-2032",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200212-243",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "2145",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "21233",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-75068",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-6415",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6415"
},
{
"db": "BID",
"id": "3906"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-243"
},
{
"db": "NVD",
"id": "CVE-2002-2032"
}
]
},
"id": "VAR-200212-0099",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-6415"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-22T22:51:33.647000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-2032"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.securityfocus.com/bid/3906"
},
{
"trust": 2.7,
"url": "http://www.securityfaq.com/unixfocus/5op041p6be.html"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/2145"
},
{
"trust": 0.3,
"url": "http://www.irannuke.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6415"
},
{
"db": "BID",
"id": "3906"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-243"
},
{
"db": "NVD",
"id": "CVE-2002-2032"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-6415"
},
{
"db": "BID",
"id": "3906"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-243"
},
{
"db": "NVD",
"id": "CVE-2002-2032"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-6415"
},
{
"date": "2002-01-18T00:00:00",
"db": "BID",
"id": "3906"
},
{
"date": "2002-01-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-243"
},
{
"date": "2002-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2002-2032"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-6415"
},
{
"date": "2002-01-18T00:00:00",
"db": "BID",
"id": "3906"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-243"
},
{
"date": "2024-11-20T23:42:42.697000",
"db": "NVD",
"id": "CVE-2002-2032"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-243"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PHP-Nuke SQL_Debug Debugging Information Disclosure Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-243"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "3906"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-243"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…