CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
90.1%
sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query information by setting the sql_debug parameter to (1) index.php and (2) modules.php.
Vendor | Product | Version | CPE |
---|---|---|---|
francisco_burzi | php-nuke | 1.0 | cpe:2.3:a:francisco_burzi:php-nuke:1.0:*:*:*:*:*:*:* |
francisco_burzi | php-nuke | 2.5 | cpe:2.3:a:francisco_burzi:php-nuke:2.5:*:*:*:*:*:*:* |
francisco_burzi | php-nuke | 3.0 | cpe:2.3:a:francisco_burzi:php-nuke:3.0:*:*:*:*:*:*:* |
francisco_burzi | php-nuke | 4.0 | cpe:2.3:a:francisco_burzi:php-nuke:4.0:*:*:*:*:*:*:* |
francisco_burzi | php-nuke | 4.3 | cpe:2.3:a:francisco_burzi:php-nuke:4.3:*:*:*:*:*:*:* |
francisco_burzi | php-nuke | 4.4 | cpe:2.3:a:francisco_burzi:php-nuke:4.4:*:*:*:*:*:*:* |
francisco_burzi | php-nuke | 4.4.1a | cpe:2.3:a:francisco_burzi:php-nuke:4.4.1a:*:*:*:*:*:*:* |
francisco_burzi | php-nuke | 5.0 | cpe:2.3:a:francisco_burzi:php-nuke:5.0:*:*:*:*:*:*:* |
francisco_burzi | php-nuke | 5.0.1 | cpe:2.3:a:francisco_burzi:php-nuke:5.0.1:*:*:*:*:*:*:* |
francisco_burzi | php-nuke | 5.1 | cpe:2.3:a:francisco_burzi:php-nuke:5.1:*:*:*:*:*:*:* |