PHP Nuke

by PHP-Nuke

CVEs (121)

  • CVE-2004-2297 · Dec 31, 2004
    risk 0.03 · cvss · epss 0.04

    The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large, out-of-range score parameter.

  • CVE-2004-2295 · Dec 31, 2004
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to execute arbitrary SQL commands via the order parameter.

  • CVE-2004-2294 · Dec 31, 2004
    risk 0.03 · cvss · epss 0.02

    Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences in the text parameter, which is checked for dangerous sequences before it is…

  • CVE-2004-0266 · Nov 23, 2004
    risk 0.03 · cvss · epss 0.02

    SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter.

  • CVE-2004-0265 · Nov 23, 2004
    risk 0.03 · cvss · epss 0.05

    Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other users via URL-encoded (1) title or (2) fname parameters in the News or Reviews modules.

  • CVE-2004-2000 · May 5, 2004
    risk 0.03 · cvss · epss 0.02

    SQL injection vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL via the (1) orderby or (2) sid parameters to modules.php.

  • CVE-2004-1985 · Apr 30, 2004
    risk 0.03 · cvss · epss 0.04

    Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to inject arbitrary HTML or web script via the CPG_URL parameter.

  • CVE-2004-1972 · Apr 26, 2004
    risk 0.03 · cvss · epss 0.02

    SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to execute arbitrary SQL code via the (1) clipid or (2) catid parameters in a viewclip, viewcat, or voteclip action.

  • CVE-2004-1930 · Apr 12, 2004
    risk 0.03 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie.

  • CVE-2004-1932 · Apr 12, 2004
    risk 0.03 · cvss · epss 0.02

    SQL injection vulnerability in (1) auth.php and (2) admin.php in PHP-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL code and create an administrator account via base64-encoded SQL in the admin parameter.

  • CVE-2004-1830 · Mar 18, 2004
    risk 0.03 · cvss · epss 0.03

    error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid (1) language, (2) newlang, or (3) lang parameter, which leaks the pathname in a PHP error message.

  • CVE-2004-1817 · Mar 15, 2004
    risk 0.03 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) search field.

  • CVE-2003-1400 · Dec 31, 2003
    risk 0.03 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter.

  • CVE-2003-1210 · Dec 31, 2003
    risk 0.03 · cvss · epss 0.05

    Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function.

  • CVE-2003-1468 · Dec 31, 2003
    risk 0.03 · cvss · epss 0.02

    The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message.

  • CVE-2003-1435 · Dec 31, 2003
    risk 0.03 · cvss · epss 0.02

    SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module.

  • CVE-2002-2032 · Dec 31, 2002
    risk 0.03 · cvss · epss 0.06

    sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query information by setting the sql_debug parameter to (1) index.php and (2) modules.php.

  • CVE-2002-1995 · Dec 31, 2002
    risk 0.03 · cvss · epss 0.04

    Cross-site scripting (XSS) vulnerability in phptonuke.php for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the filnavn parameter.

  • CVE-2002-1803 · Dec 31, 2002
    risk 0.03 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.

  • CVE-2002-1242 · Nov 12, 2002
    risk 0.03 · cvss · epss 0.04

    SQL injection vulnerability in PHP-Nuke before 6.0 allows remote authenticated users to modify the database and gain privileges via the "bio" argument to modules.php.
