FreeBSD : Several vulnerabilities found in PHPNuke (33ab4a47-bfc1-11d8-b00e-000347a4fa7d)

medium Nessus Plugin ID 37115

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Janek Vind 'waraxe' reports that several issues in the PHPNuke software may be exploited via carefully crafted URL requests. These URLs will permit the injection of SQL code, cookie theft, and the readability of the PHPNuke administrator account.

Solution

Update the affected package.

See Also

http://www.waraxe.us/index.php?modname=sa&id=27

http://www.nessus.org/u?20fafa48

Plugin Details

Severity: Medium

ID: 37115

File Name: freebsd_pkg_33ab4a47bfc111d8b00e000347a4fa7d.nasl

Version: 1.14

Type: local

Published: 4/23/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.8

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:phpnuke, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 7/3/2004

Vulnerability Publication Date: 5/5/2004

Reference Information

CVE: CVE-2003-0279, CVE-2003-0318, CVE-2004-0266, CVE-2004-0269

Secunia: 11920