CVE-2004-2293

PHP-Nuke 6.0-7.3 - Cross-Site Scripting via Encyclopedia and Reviews Module Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2293. PoCs published by Janek Vind.

AI-analyzed exploit summary: The provided text describes multiple vulnerabilities in PHP-Nuke, including XSS, SQL injection, and DoS, but does not contain actual exploit code. It outlines attack vectors and affected modules.

Description

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter. NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Janek Vind · text · webapps · php
https://www.exploit-db.com/exploits/24191


Classification: Writeup 90%
Attack Type: XSS | SQLi | DoS
Complexity: Trivial
Reliability: Theoretical
Target: PHP-Nuke (versions not specified)
No auth needed
Prerequisites: Access to vulnerable PHP-Nuke instance
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11852
Exploit mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/365865
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/10524
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/6998
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/6999
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/6997
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16406

Scores

EPSS 0.0197
EPSS Percentile 77.8%

Details

Status published
Products (15)
francisco_burzi/php-nuke 6.0
francisco_burzi/php-nuke 6.5
francisco_burzi/php-nuke 6.5_beta1
francisco_burzi/php-nuke 6.5_final
francisco_burzi/php-nuke 6.5_rc1
francisco_burzi/php-nuke 6.5_rc2
francisco_burzi/php-nuke 6.5_rc3
francisco_burzi/php-nuke 6.6
francisco_burzi/php-nuke 6.7
francisco_burzi/php-nuke 6.9
... and 5 more
Published Dec 31, 2004
Tracked Since Feb 18, 2026