CVE-2004-2007

NukeJokes 1.7 and 2 Beta - Cross-Site Scripting via Cat or JokeID Parameter

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2007. PoCs published by Janek Vind.

AI-analyzed exploit summary: The provided text describes SQL injection and XSS vulnerabilities in the NukeJokes module due to lack of input sanitization. It includes example URIs demonstrating potential attack vectors but does not contain executable exploit code.

Description

Cross-site scripting (XSS) vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to inject arbitrary HTML or web script via the (1) cat parameter in a CatView function or (2) jokeid parameter in a JokeView function.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Janek Vind · text · webapps · php
https://www.exploit-db.com/exploits/24099

Classification: Writeup 90%
Attack Type: Sqli | Xss
Complexity: Trivial
Reliability: Theoretical
Target: NukeJokes module (likely PHP-Nuke 7.2)
No auth needed
Prerequisites: Access to the vulnerable NukeJokes module
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Various Sources x_refsource_misc
http://www.waraxe.us/index.php?modname=sa&id=28
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108404714232579&w=2
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/10306
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16096

Scores

EPSS 0.0175
EPSS Percentile 75.0%

Details

Status published
Products (2)
adam_webb/nukejokes 1.7
adam_webb/nukejokes 2.0_beta
Published May 08, 2004
Tracked Since Feb 18, 2026