CVE-2004-0269

Francisco Burzi Php-nuke - SQL Injection

Title source: rule

Description

SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module.

Exploits (2)

exploitdb WORKING POC VERIFIED

by pokleyzz · phpwebappsphp

https://www.exploit-db.com/exploits/23680

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Albert Puigsech Galicia · textwebappsphp

https://www.exploit-db.com/exploits/22589

View Code ZIP pw:eip

References (4)

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/9630

[Mailing List] http://marc.info/?l=bugtraq&m=107643348117646&w=2

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/15115

[Various Sources] http://www.scan-associates.net/papers/phpnuke69.txt

Scores

EPSS 0.0010

EPSS Percentile 27.8%

Details

Status published

Products (26)

francisco_burzi/php-nuke 1.0

francisco_burzi/php-nuke 2.5

francisco_burzi/php-nuke 3.0

francisco_burzi/php-nuke 4.0

francisco_burzi/php-nuke 4.3

francisco_burzi/php-nuke 4.4

francisco_burzi/php-nuke 4.4.1a

francisco_burzi/php-nuke 5.0

francisco_burzi/php-nuke 5.0.1

francisco_burzi/php-nuke 5.1

... and 16 more

Published Nov 23, 2004

Tracked Since Feb 18, 2026