VYPR

PHP Nuke

by PHP-Nuke

CVEs (121)

  • CVE-2006-0908Feb 28, 2006
    risk 0.00cvss epss 0.02

    PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL injection protection mechanisms via /%2a (/*) sequences with the "ad_click" word in the query string, as demonstrated via the kala parameter.

  • CVE-2006-0907Feb 28, 2006
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows remote attackers to execute arbitrary SQL commands via encoded /%2a (/*) sequences in the query string, which bypasses regular expressions that are intended to protect against SQL injection, as demonstrated…

  • CVE-2006-0679Feb 16, 2006
    risk 0.00cvss epss 0.04

    SQL injection vulnerability in index.php in the Your_Account module in PHP-Nuke 7.8 and earlier allows remote attackers to execute arbitrary SQL commands via the username variable (Nickname field).

  • CVE-2005-4715Dec 31, 2005
    risk 0.00cvss epss 0.04

    Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) sid, and (3) pid parameters in a POST request, which bypasses security checks that are…

  • CVE-2005-3016Sep 21, 2005
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke before 7.9 Final have unknown impact and attack vectors.

  • CVE-2005-1386May 3, 2005
    risk 0.00cvss epss 0.01

    PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) ipban.php, (2) db.php, (3) lang-norwegian.php, (4) lang-indonesian.php, (5) lang-greek.php, (6) a request to Web_Links with the portuguese language (lang-portuguese.php),…

  • CVE-2005-1024May 2, 2005
    risk 0.00cvss epss 0.02

    modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) my_headlines, (2) userinfo, or (3) search, which reveals the path in a PHP error message.

  • CVE-2005-0998May 2, 2005
    risk 0.00cvss epss 0.01

    The Web_Links module for PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via an invalid show parameter, which triggers a division by zero PHP error that leaks the full pathname of the server.

  • CVE-2005-1180May 2, 2005
    risk 0.00cvss epss 0.01

    HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuke 7.6 allows remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the forwarder parameter.

  • CVE-2005-1028May 2, 2005
    risk 0.00cvss epss 0.01

    PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message.

  • CVE-2005-0996May 2, 2005
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the email or url parameters in the Add function, (2) the min parameter in the viewsdownload function, or (3) the min parameter in…

  • CVE-2005-1001May 2, 2005
    risk 0.00cvss epss 0.01

    PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via direct requests to (1) the Surveys module with the file parameter set to comments or (2) 3D-Fantasy/theme.php, which leaks the full pathname of the web server in a PHP error message.

  • CVE-2005-0434Feb 15, 2005
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 allow remote attackers to inject arbitrary HTML or web script via (1) the newdownloadshowdays parameter in a NewDownloads operation or (2) the newlinkshowdays parameter in a NewLinks operation.

  • CVE-2005-0433Feb 15, 2005
    risk 0.00cvss epss 0.02

    Php-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or missing arguments to (1) db.php, (2) mainfile.php, (3) Downloads/index.php, or (4) Web_Links/index.php, which lists the path in a PHP error message.

  • CVE-2004-2296Dec 31, 2004
    risk 0.00cvss epss 0.02

    The preview_review function in the Reviews module in PHP-Nuke 6.0 to 7.3, when running on Windows systems, allows remote attackers to obtain sensitive information via an invalid date parameter, which generates an error message.

  • CVE-2004-2020Dec 31, 2004
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2) date parameter in the Statistics module, (3) year, month, and month_1 parameters…

  • CVE-2004-2354Dec 31, 2004
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 through 6.9 allows remote attackers to modify SQL statements via the entry parameter to modules.php, which can also facilitate cross-site scripting (XSS) attacks when MySQL errors are triggered.

  • CVE-2004-2019Dec 31, 2004
    risk 0.00cvss epss 0.02

    The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message.

  • CVE-2004-0732Jul 27, 2004
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to execute arbitrary SQL statements via the instory parameter.

  • CVE-2004-0738Jul 27, 2004
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in the Search module in Php-Nuke allow remote attackers to execute arbitrary SQL via the (1) min or (2) categ parameters.

Page 5 of 7