CVE-2005-3304

Francisco Burzi Php-nuke - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the Web_Links module.

Exploits (1)

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/32747

View Code ZIP pw:eip

References (9)

[Mailing List] http://marc.info/?l=bugtraq&m=113017049702436&w=2

[Exploit, Vendor Advisory] http://rgod.altervista.org/phpnuke78sql.html

[Vendor Advisory] http://secunia.com/advisories/17315/

[Third Party Advisory, VDB Entry] http://www.osvdb.org/20291

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/22851

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/15178

[Third Party Advisory, VDB Entry] http://www.osvdb.org/20292

[Third Party Advisory, VDB Entry] http://www.osvdb.org/20293

[Third Party Advisory] http://www.vupen.com/english/advisories/2005/2191

Scores

EPSS 0.0359

EPSS Percentile 87.8%

Details

Status published

Products (1)

francisco_burzi/php-nuke 7.8

Published Oct 26, 2005

Tracked Since Feb 18, 2026