PT-2004-3248 · Php Nuke · 4Nguestbook+1

Published: 2004-12-31 · Updated: 2017-07-11 · CVE-2004-2354

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: 4nGuestbook version 0.92 for PHP-Nuke versions 6.5 through 6.9
Description: The issue allows remote attackers to modify SQL statements via the entry parameter to "modules.php". It can also facilitate cross-site scripting (XSS) attacks when MySQL errors are triggered.
Recommendations: For 4nGuestbook version 0.92, consider restricting access to the "modules.php" endpoint until a patch is available. Avoid using the entry parameter in the affected API endpoint until the issue is resolved.

Related Identifiers

CVE-2004-2354

Affected Products

4Nguestbook
Php-Nuke