CVE-2004-2019 (CNNVD-200412-932)
中文标题:
PHP-Nuke多个输入验证漏洞
英文标题:
The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive informat...
漏洞描述
中文描述:
PHP-Nuke是一个广为流行的网站创建和管理工具,它可以使用很多数据库软件作为后端,比如MySQL、PostgreSQL、mSQL、Interbase、Sybase等。 PHP-Nuke多处不正确处理用户提交的数据,远程攻击者可以利用这个漏洞进行跨站脚本,路径泄露,敏感信息泄露等攻击。 A. 路径泄露 "WebLinks"模块对"show"变量缺少过滤,可导致路径泄露: http://localhost/nuke73/modules.php?name=Web_Links&l_op=viewlink&cid=1&show=foobar Warning: Division by zero in D:\apache_wwwroot\nuke73\modules\Web_Links\index.php on \ line 774 B. 多个模块对变量缺少充分过滤,可导致跨站脚本攻击,使的目标用户敏感信息泄露: http://localhost/nuke73/modules.php?name=News&file=article&sid=1&optionbox=[xss code \here] http://localhost/nuke73/modules.php?name=Statistics&op=DailyStats&year=2004&month=5&da \te=[xss code here] http://localhost/nuke73/modules.php?name=Stories_Archive&sa=show_month&year=[xss code \ here]&month=05&month_l=May \ http://localhost/nuke73/modules.php?name=Stories_Archive&sa=show_month&year=2004&month \ =[xss code here]&month_l=May \ http://localhost/nuke73/modules.php?name=Stories_Archive&sa=show_month&year=2004&month \ =05&month_l=[xss code here] http://localhost/nuke73/modules.php?name=Surveys&file=comments&op=Reply&pid=1&pollID=1 \ &mode=[xss code here]&order=0&thold=0 \ http://localhost/nuke73/modules.php?name=Surveys&file=comments&op=Reply&pid=1&pollID=1 \ &mode=thread&order=[xss code here]&thold=0 \ http://localhost/nuke73/modules.php?name=Surveys&file=comments&op=Reply&pid=1&pollID=1 \ &mode=thread&order=&thold=[xss code here]
英文描述:
The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| francisco_burzi | php-nuke | 6.0 | - | - |
cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*
|
| francisco_burzi | php-nuke | 6.5 | - | - |
cpe:2.3:a:francisco_burzi:php-nuke:6.5:*:*:*:*:*:*:*
|
| francisco_burzi | php-nuke | 6.5_beta1 | - | - |
cpe:2.3:a:francisco_burzi:php-nuke:6.5_beta1:*:*:*:*:*:*:*
|
| francisco_burzi | php-nuke | 6.5_final | - | - |
cpe:2.3:a:francisco_burzi:php-nuke:6.5_final:*:*:*:*:*:*:*
|
| francisco_burzi | php-nuke | 6.5_rc1 | - | - |
cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc1:*:*:*:*:*:*:*
|
| francisco_burzi | php-nuke | 6.5_rc2 | - | - |
cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc2:*:*:*:*:*:*:*
|
| francisco_burzi | php-nuke | 6.5_rc3 | - | - |
cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc3:*:*:*:*:*:*:*
|
| francisco_burzi | php-nuke | 6.6 | - | - |
cpe:2.3:a:francisco_burzi:php-nuke:6.6:*:*:*:*:*:*:*
|
| francisco_burzi | php-nuke | 6.7 | - | - |
cpe:2.3:a:francisco_burzi:php-nuke:6.7:*:*:*:*:*:*:*
|
| francisco_burzi | php-nuke | 6.9 | - | - |
cpe:2.3:a:francisco_burzi:php-nuke:6.9:*:*:*:*:*:*:*
|
| francisco_burzi | php-nuke | 7.0 | - | - |
cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*
|
| francisco_burzi | php-nuke | 7.0_final | - | - |
cpe:2.3:a:francisco_burzi:php-nuke:7.0_final:*:*:*:*:*:*:*
|
| francisco_burzi | php-nuke | 7.1 | - | - |
cpe:2.3:a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*
|
| francisco_burzi | php-nuke | 7.2 | - | - |
cpe:2.3:a:francisco_burzi:php-nuke:7.2:*:*:*:*:*:*:*
|
| francisco_burzi | php-nuke | 7.3 | - | - |
cpe:2.3:a:francisco_burzi:php-nuke:7.3:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
AV:N/AC:L/Au:N/C:P/I:N/A:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2004-2019 |
2025-11-11 15:17:31 | 2025-11-11 07:32:23 |
| NVD | nvd_CVE-2004-2019 |
2025-11-11 14:50:55 | 2025-11-11 07:41:09 |
| CNNVD | cnnvd_CNNVD-200412-932 |
2025-11-11 15:08:44 | 2025-11-11 07:48:56 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 授权问题
- cnnvd_id: 未提取 -> CNNVD-200412-932
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- cvss_score: 未提取 -> 5.0
- cvss_vector: NOT_EXTRACTED -> AV:N/AC:L/Au:N/C:P/I:N/A:N
- cvss_version: NOT_EXTRACTED -> 2.0
- affected_products_count: 0 -> 15
- data_sources: ['cve'] -> ['cve', 'nvd']