CVE-2003-1210

Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function.

Published: Dec 31, 2003
Updated: Apr 13, 2023
CVE: CVE-2003-1210
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
francisco_burzi / php-nuke	6.5_beta1	6.5_beta1.x
francisco_burzi / php-nuke	6.5_rc2	6.5_rc2.x
francisco_burzi / php-nuke	6.5_rc3	6.5_rc3.x
francisco_burzi / php-nuke	-	6.5.x
francisco_burzi / php-nuke	6.5_final	6.5_final.x
francisco_burzi / php-nuke	6.5_rc1	6.5_rc1.x

http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.html
http://www.securityfocus.com/bid/7588
https://exchange.xforce.ibmcloud.com/vulnerabilities/11984

Vulnerability Database

289,697

CVE-2003-1210