Lucene search
HistoryFeb 28, 2006 - 2:02 a.m.
CVE-2006-0908
php-nuke
sql injection
cve-2006-0908
remote attackers
8 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
74.3%
PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL injection protection mechanisms via /%2a (/*) sequences with the “ad_click” word in the query string, as demonstrated via the kala parameter.
| CPE | Name | Operator | Version |
|---|---|---|---|
| francisco_burzi:php-nuke | francisco burzi php-nuke | eq | 7.8_patched_3.2 |
Related
prion
prion
Sql injection
2006-02-28 02:02:00
openvas
openvas
Debian Security Advisory DSA 1264-1 (php4)
2008-01-17 00:00:00
debian
debian
[SECURITY] [DSA 1264-1] New php4 packages fix several vulnerabilities
2007-03-07 22:04:16
8 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
74.3%
Related for CVE-2006-0908