CVE-2005-4260
PHP-Nuke 7.x - Content Filtering Bypass
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers; if so, then this should not be treated as a vulnerability in PHP-Nuke.
Conflicto de interpretación en includes/mainfile.php en PHP-Nuke 7.9 y anteriores permite a atacantes remotos realizar ataques de secuencias de comandos en sitios cruzados (XSS) reemplazando el ">" en una etiqueta con un "<" lo que evita las expresiones regulares que sanean los datos, pero es automáticamente corregido por muchos navegadores web.
NOTA: podría ser argumentado que esto es debido a una limitación de diseño de muchos navegadores web; si es así, esto no debería ser tratado como una vulnerabilidad de PHP-Nuke.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2005-12-14 First Exploit
- 2005-12-15 CVE Reserved
- 2005-12-15 CVE Published
- 2024-04-05 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/archive/1/419496/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/419991/100/0/threaded | Mailing List |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/26817 | 2005-12-14 | |
| http://www.securityfocus.com/bid/15855 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Francisco Burzi Search vendor "Francisco Burzi" | Php-nuke Search vendor "Francisco Burzi" for product "Php-nuke" | 7.0 Search vendor "Francisco Burzi" for product "Php-nuke" and version "7.0" | - |
Affected
| ||||||
| Francisco Burzi Search vendor "Francisco Burzi" | Php-nuke Search vendor "Francisco Burzi" for product "Php-nuke" | 7.1 Search vendor "Francisco Burzi" for product "Php-nuke" and version "7.1" | - |
Affected
| ||||||
| Francisco Burzi Search vendor "Francisco Burzi" | Php-nuke Search vendor "Francisco Burzi" for product "Php-nuke" | 7.2 Search vendor "Francisco Burzi" for product "Php-nuke" and version "7.2" | - |
Affected
| ||||||
| Francisco Burzi Search vendor "Francisco Burzi" | Php-nuke Search vendor "Francisco Burzi" for product "Php-nuke" | 7.3 Search vendor "Francisco Burzi" for product "Php-nuke" and version "7.3" | - |
Affected
| ||||||
| Francisco Burzi Search vendor "Francisco Burzi" | Php-nuke Search vendor "Francisco Burzi" for product "Php-nuke" | 7.6 Search vendor "Francisco Burzi" for product "Php-nuke" and version "7.6" | - |
Affected
| ||||||
| Francisco Burzi Search vendor "Francisco Burzi" | Php-nuke Search vendor "Francisco Burzi" for product "Php-nuke" | 7.7 Search vendor "Francisco Burzi" for product "Php-nuke" and version "7.7" | - |
Affected
| ||||||
| Francisco Burzi Search vendor "Francisco Burzi" | Php-nuke Search vendor "Francisco Burzi" for product "Php-nuke" | 7.8 Search vendor "Francisco Burzi" for product "Php-nuke" and version "7.8" | - |
Affected
| ||||||
| Francisco Burzi Search vendor "Francisco Burzi" | Php-nuke Search vendor "Francisco Burzi" for product "Php-nuke" | 7.9 Search vendor "Francisco Burzi" for product "Php-nuke" and version "7.9" | - |
Affected
| ||||||