CVE-2004-0266

Francisco Burzi Php-nuke - SQL Injection

Title source: rule

Description

SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Janek Vind · perlwebappsphp

https://www.exploit-db.com/exploits/23670

View Code ZIP pw:eip

References (3)

[Exploit, Vendor Advisory] http://www.securityfocus.com/bid/9615

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/15080

[Mailing List] http://marc.info/?l=bugtraq&m=107635110327066&w=2

Scores

EPSS 0.0003

EPSS Percentile 7.2%

Details

Status published

Products (13)

francisco_burzi/php-nuke 6.0

francisco_burzi/php-nuke 6.5

francisco_burzi/php-nuke 6.5_beta1

francisco_burzi/php-nuke 6.5_final

francisco_burzi/php-nuke 6.5_rc1

francisco_burzi/php-nuke 6.5_rc2

francisco_burzi/php-nuke 6.5_rc3

francisco_burzi/php-nuke 6.6

francisco_burzi/php-nuke 6.7

francisco_burzi/php-nuke 6.9

... and 3 more

Published Nov 23, 2004

Tracked Since Feb 18, 2026