CVE-2004-0269

PHP-Nuke <= 6.9 - SQL Injection via Search Category or Web_Links Admin Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2004-0269. PoCs were published by pokleyzz and Albert Puigsech Galicia.

Description

SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module.

Exploits (2)

exploitdb WORKING POC VERIFIED
by pokleyzz · php · webapps · php
https://www.exploit-db.com/exploits/23680

This exploit targets a SQL injection vulnerability in PHPNuke 6.x and 5.x by manipulating the 'category' parameter in the search module to extract the admin password hash. It uses a brute-force approach to retrieve the hash character by character via ASCII values.

Classification: Working PoC (95%)
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: PHPNuke 6.x and 5.x
No auth needed
Prerequisites: PHP 4.x with cURL extension · Target URL and author ID
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Albert Puigsech Galicia · text · webapps · php
https://www.exploit-db.com/exploits/22589

The writeup describes a SQL injection vulnerability in the Web_Links module of PHPNuke, allowing remote attackers to inject arbitrary SQL code via the 'cid' parameter. No actual exploit code is provided, only a description and example URL.

Classification: Writeup (90%)
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: PHPNuke Web_Links module
No auth needed
Prerequisites: Access to the vulnerable PHPNuke instance
devstral-2 · analyzed Feb 16, 2026

References (4)

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9630
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107643348117646&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15115
Various Sources x_refsource_misc
http://www.scan-associates.net/papers/phpnuke69.txt

Scores

EPSS 0.0809
EPSS Percentile 94.1%

Details

Status published
Products (26)
francisco_burzi/php-nuke 1.0
francisco_burzi/php-nuke 2.5
francisco_burzi/php-nuke 3.0
francisco_burzi/php-nuke 4.0
francisco_burzi/php-nuke 4.3
francisco_burzi/php-nuke 4.4
francisco_burzi/php-nuke 4.4.1a
francisco_burzi/php-nuke 5.0
francisco_burzi/php-nuke 5.0.1
francisco_burzi/php-nuke 5.1
... and 16 more
Published Nov 23, 2004
Tracked Since Feb 18, 2026