ID CVE-2007-0372Type cveReporter cve@mitre.orgModified 2018-10-16T16:32:00
Description
Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 allow remote attackers to execute arbitrary SQL commands via (1) the active parameter in admin/modules/modules.php; the (2) ad_class, (3) imageurl, (4) clickurl, (5) ad_code, or (6) position parameter in modules/Advertising/admin/index.php; or unspecified vectors in the (7) advertising, (8) weblinks, or (9) reviews section.
{"id": "CVE-2007-0372", "bulletinFamily": "NVD", "title": "CVE-2007-0372", "description": "Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 allow remote attackers to execute arbitrary SQL commands via (1) the active parameter in admin/modules/modules.php; the (2) ad_class, (3) imageurl, (4) clickurl, (5) ad_code, or (6) position parameter in modules/Advertising/admin/index.php; or unspecified vectors in the (7) advertising, (8) weblinks, or (9) reviews section.", "published": "2007-01-19T23:28:00", "modified": "2018-10-16T16:32:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0372", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/archive/1/459174/100/0/threaded", "http://osvdb.org/33701", "http://osvdb.org/33700", "http://www.hackers.ir/advisories/festival.txt", "http://osvdb.org/33702", "http://osvdb.org/33698", "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html", "http://osvdb.org/33699", "http://www.securityfocus.com/bid/22116"], "cvelist": ["CVE-2007-0372"], "type": "cve", "lastseen": "2020-10-03T11:45:49", "edition": 3, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:33700", "OSVDB:33701", "OSVDB:33702", "OSVDB:33698", "OSVDB:33699"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7053"]}], "modified": "2020-10-03T11:45:49", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2020-10-03T11:45:49", "rev": 2}, "vulnersScore": 7.5}, "cpe": ["cpe:/a:francisco_burzi:php-nuke:7.9"], "affectedSoftware": [{"cpeName": "francisco_burzi:php-nuke", "name": "francisco burzi php-nuke", "operator": "eq", "version": "7.9"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:francisco_burzi:php-nuke:7.9:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.9:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}}
{"osvdb": [{"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2007-0372"], "description": "# No description provided by the source\n\n## References:\n[Related OSVDB ID: 33699](https://vulners.com/osvdb/OSVDB:33699)\n[Related OSVDB ID: 33702](https://vulners.com/osvdb/OSVDB:33702)\n[Related OSVDB ID: 33698](https://vulners.com/osvdb/OSVDB:33698)\n[Related OSVDB ID: 33700](https://vulners.com/osvdb/OSVDB:33700)\nOther Advisory URL: http://www.hackers.ir/advisories/festival.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-02/0047.html\n[CVE-2007-0372](https://vulners.com/cve/CVE-2007-0372)\nBugtraq ID: 22116\n", "edition": 1, "modified": "2007-02-04T19:00:30", "published": "2007-02-04T19:00:30", "href": "https://vulners.com/osvdb/OSVDB:33701", "id": "OSVDB:33701", "title": "PHP-Nuke Weblinks Section Reviews Section Unspecified SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2007-0372"], "description": "# No description provided by the source\n\n## References:\n[Related OSVDB ID: 33699](https://vulners.com/osvdb/OSVDB:33699)\n[Related OSVDB ID: 33701](https://vulners.com/osvdb/OSVDB:33701)\n[Related OSVDB ID: 33702](https://vulners.com/osvdb/OSVDB:33702)\n[Related OSVDB ID: 33700](https://vulners.com/osvdb/OSVDB:33700)\nOther Advisory URL: http://www.hackers.ir/advisories/festival.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-02/0047.html\n[CVE-2007-0372](https://vulners.com/cve/CVE-2007-0372)\nBugtraq ID: 22116\n", "edition": 1, "modified": "2007-02-04T19:00:30", "published": "2007-02-04T19:00:30", "href": "https://vulners.com/osvdb/OSVDB:33698", "id": "OSVDB:33698", "title": "PHP-Nuke admin/modules/modules.php active Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2007-0372"], "description": "# No description provided by the source\n\n## References:\n[Related OSVDB ID: 33701](https://vulners.com/osvdb/OSVDB:33701)\n[Related OSVDB ID: 33702](https://vulners.com/osvdb/OSVDB:33702)\n[Related OSVDB ID: 33698](https://vulners.com/osvdb/OSVDB:33698)\n[Related OSVDB ID: 33700](https://vulners.com/osvdb/OSVDB:33700)\nOther Advisory URL: http://www.hackers.ir/advisories/festival.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-02/0047.html\n[CVE-2007-0372](https://vulners.com/cve/CVE-2007-0372)\nBugtraq ID: 22116\n", "edition": 1, "modified": "2007-02-04T19:00:30", "published": "2007-02-04T19:00:30", "href": "https://vulners.com/osvdb/OSVDB:33699", "id": "OSVDB:33699", "title": "PHP-Nuke modules/Advertising/admin/index.php Multiple Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2007-0372"], "description": "# No description provided by the source\n\n## References:\n[Related OSVDB ID: 33699](https://vulners.com/osvdb/OSVDB:33699)\n[Related OSVDB ID: 33701](https://vulners.com/osvdb/OSVDB:33701)\n[Related OSVDB ID: 33698](https://vulners.com/osvdb/OSVDB:33698)\n[Related OSVDB ID: 33700](https://vulners.com/osvdb/OSVDB:33700)\nOther Advisory URL: http://www.hackers.ir/advisories/festival.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-02/0047.html\n[CVE-2007-0372](https://vulners.com/cve/CVE-2007-0372)\nBugtraq ID: 22116\n", "edition": 1, "modified": "2007-02-04T19:00:30", "published": "2007-02-04T19:00:30", "href": "https://vulners.com/osvdb/OSVDB:33702", "id": "OSVDB:33702", "title": "PHP-Nuke Reviews Section Unspecified SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2007-0372"], "description": "# No description provided by the source\n\n## References:\n[Related OSVDB ID: 33699](https://vulners.com/osvdb/OSVDB:33699)\n[Related OSVDB ID: 33701](https://vulners.com/osvdb/OSVDB:33701)\n[Related OSVDB ID: 33702](https://vulners.com/osvdb/OSVDB:33702)\n[Related OSVDB ID: 33698](https://vulners.com/osvdb/OSVDB:33698)\nOther Advisory URL: http://www.hackers.ir/advisories/festival.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-02/0047.html\n[CVE-2007-0372](https://vulners.com/cve/CVE-2007-0372)\nBugtraq ID: 22116\n", "edition": 1, "modified": "2007-02-04T19:00:30", "published": "2007-02-04T19:00:30", "href": "https://vulners.com/osvdb/OSVDB:33700", "id": "OSVDB:33700", "title": "PHP-Nuke Advertising Section Reviews Section Unspecified SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:22", "bulletinFamily": "software", "cvelist": ["CVE-2007-0309", "CVE-2007-0329", "CVE-2007-0340", "CVE-2007-0306", "CVE-2007-0301", "CVE-2007-0372", "CVE-2007-0863", "CVE-2007-0682"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "modified": "2007-01-15T00:00:00", "published": "2007-01-15T00:00:00", "id": "SECURITYVULNS:VULN:7053", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7053", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
