Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > May 2005 > PHP-Nuke 7.7 released fixing multiple vulnerabilities (AUSCERT AA-2005.001)

May 2005

PHP-Nuke 7.7 released fixing multiple vulnerabilities (AUSCERT AA-2005.001)

ID: 00379
Ref: 352/05
Date: 05 May 2005:15:06:52
Version: 1
Title: PHP-Nuke 7.7 released fixing multiple vulnerabilities (AUSCERT AA-2005.001)
Abstract: PHP-Nuke versions 7.6 and prior contain multiple SQL injection vulnerabilities as well as several cross-site scripting flaws.
Vendors affected: PHPNuke
Applications affected: PHPNuke


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
AA-2005.001 AUSCERT Advisory

PHP-Nuke 7.7 released fixing multiple vulnerabilities
5 May 2005

- - ---------------------------------------------------------------------------

AusCERT Security Bulletin Summary
---------------------------------

Product: PHP-Nuke 7.6 and prior
Operating System: UNIX variants
Windows
Impact: Execute Arbitrary Code/Commands
Cross-site Scripting
Access: Remote/Unauthenticated
CVE Names: CAN-2005-0996 CAN-2005-0997 CAN-2005-0999
CAN-2005-1000 CAN-2005-1023 CAN-2005-1027
CAN-2005-1180

OVERVIEW:

PHP-Nuke versions 7.6 and prior contain multiple SQL injection
vulnerabilities as well as several cross-site scripting flaws.


IMPACT:

1. SQL injection

A remote attacker can execute arbitrary SQL queries on the server.
This makes it easy to take control of the PHP-Nuke site by stealing
authentication passwords.

AusCERT expects that the SQL injection vulnerabilities will be used to
perform website defacements.

Depending on local configuration, SQL injection may also be leveraged
to compromise an account on the server.

2. Cross-site scripting

A remote attacker can cause arbitrary HTML and scripted content to be
executed in the user's web browser in the context of the site using
PHP-Nuke.


MITIGATION:

PHP-Nuke 7.7 has been released fixing these known vulnerabilities.

Users of PHP-Nuke are encouraged to either upgrade to version 7.7 or
else change to a different content management system.

In some cases, organizations are not aware that they have a web server
running the vulnerable software within their network. AusCERT recommends
that network administrators audit their networks for old versions of
PHP-Nuke and other content management systems, and either uninstall or
update them.


DETAILS:

SQL injection vulnerabilities exist in the following components:

Top module
FAQ module
Encyclopedia module
Search module
Downloads module
Web_Links module

Cross-site scripting and/or response splitting vulnerabilities exist
in the following components:

Downloads module
Web_Links module
banners.php
Search module
FAQ module
Encyclopedia module
Your_Account module


REFERENCES:

[1] PHP-Nuke 7.7 changelog
http://phpnuke.org/modules/Release/changelog.txt


AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================

- -----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBQnmimCh9+71yA2DNAQJkZgP+PB8apEcr2aECPrT7+o780vam3oSqb+1i
/y/rMU9g/TwfQ6qt6RSUA5mLbS9yqrJnzu5NrpJCAKzZ2CMZI+xNFLI+fFnsCULj
VZ1RduYa7TjwofwzxCSy9XqIclPwvxXLc4pDDRjzcQhLLn8Ii/FsKREyIlklEW1N
can3ldT89Wg=
=pRPm
- -----END PGP SIGNATURE-----

  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |