CVE-2004-1932

Published: Apr 12, 2004Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

SQL injection vulnerability in (1) auth.php and (2) admin.php in PHP-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL code and create an administrator account via base64-encoded SQL in the admin parameter.

Affected (14)

Products: Francisco Burzi: Php Nuke

Francisco Burzi

1 product

Php Nuke

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Francisco Burzi Php Nuke	Version 6.0
Francisco Burzi Php Nuke	Version 6.5
Francisco Burzi Php Nuke	Version 6.5_beta1
Francisco Burzi Php Nuke	Version 6.5_final
Francisco Burzi Php Nuke	Version 6.5_rc1
Francisco Burzi Php Nuke	Version 6.5_rc2
Francisco Burzi Php Nuke	Version 6.5_rc3
Francisco Burzi Php Nuke	Version 6.6
Francisco Burzi Php Nuke	Version 6.7
Francisco Burzi Php Nuke	Version 6.9
Francisco Burzi Php Nuke	Version 7.0
Francisco Burzi Php Nuke	Version 7.0_final
Francisco Burzi Php Nuke	Version 7.1
Francisco Burzi Php Nuke	Version 7.2

References (6)

http://marc.info/?l=bugtraq&m=108180334918576&w=2

Source: cve@mitre.org

http://www.waraxe.us/index.php?modname=sa&id=18

Source: cve@mitre.org

ExploitVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/15835

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=108180334918576&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.waraxe.us/index.php?modname=sa&id=18

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/15835

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.