Exploitation Summary
EIP tracks 1 public exploit for CVE-2004-0266. PoCs published by Janek Vind.
AI-analyzed exploit summary This exploit leverages a time-based blind SQL injection vulnerability in PHP-Nuke's public message feature to extract the admin password hash. It uses benchmark delays to infer characters of the hash.
Description
SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Janek Vind · perlwebappsphp
https://www.exploit-db.com/exploits/23670
This exploit leverages a time-based blind SQL injection vulnerability in PHP-Nuke's public message feature to extract the admin password hash. It uses benchmark delays to infer characters of the hash.
Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target:
PHP-Nuke (version not specified)
No auth needed
Prerequisites:
Target must be running vulnerable PHP-Nuke · Public message feature must be enabled
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (3)
Core 3
Core References
Exploit, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9615
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15080
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107635110327066&w=2
Scores
EPSS
0.0205
EPSS Percentile
78.7%
Details
Status
published
Products (13)
francisco_burzi/php-nuke
6.0
francisco_burzi/php-nuke
6.5
francisco_burzi/php-nuke
6.5_beta1
francisco_burzi/php-nuke
6.5_final
francisco_burzi/php-nuke
6.5_rc1
francisco_burzi/php-nuke
6.5_rc2
francisco_burzi/php-nuke
6.5_rc3
francisco_burzi/php-nuke
6.6
francisco_burzi/php-nuke
6.7
francisco_burzi/php-nuke
6.9
... and 3 more
Published
Nov 23, 2004
Tracked Since
Feb 18, 2026