VYPR

PHP Nuke

by PHP-Nuke

CVEs (121)

  • CVE-2004-0732 (Jul 27, 2004)
    risk 0.00 cvss epss 0.02

    SQL injection vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to execute arbitrary SQL statements via the instory parameter.

  • CVE-2004-0736 (Jul 27, 2004)
    risk 0.00 cvss epss 0.01

    The search module in Php-Nuke allows remote attackers to gain sensitive information via the (1) "**" or (2) "+" search patterns, which reveals the path in an error message.

  • CVE-2004-0731 (Jul 27, 2004)
    risk 0.00 cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary script as other users via the input field.

  • CVE-2004-1998 (May 5, 2004)
    risk 0.00 cvss epss 0.01

    The Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to gain sensitive information via an invalid show parameter to modules.php, which reveals the full path in a PHP error message.

  • CVE-2004-1999 (May 5, 2004)
    risk 0.00 cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to inject arbitrary HTML and web script via the (1) ttitle or (2) sid parameters to modules.php.

  • CVE-2004-1984 (May 2, 2004)
    risk 0.00 cvss epss 0.03

    Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) phpinfo.php, (2) addpic.php, (3) config.php, (4) db_input.php, (5) displayecard.php, (6) ecard.php, (7) crop.inc.php, which reveal the full path…

  • CVE-2004-1840 (Mar 22, 2004)
    risk 0.00 cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis module 2.0 for PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via the (1) screen parameter to modules.php, (2) module_name parameter to title.php, (3) sortby parameter to modules.php, or…

  • CVE-2004-1839 (Mar 22, 2004)
    risk 0.00 cvss epss 0.01

    MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message.

  • CVE-2003-1526 (Dec 31, 2003)
    risk 0.00 cvss epss 0.01

    PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message.

  • CVE-2003-1547 (Dec 31, 2003)
    risk 0.00 cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter.

  • CVE-2003-0279 (Jun 16, 2003)
    risk 0.00 cvss epss 0.01

    Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allow remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php.

  • CVE-2003-0318 (Jun 9, 2003)
    risk 0.00 cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and earlier allows remote attackers to insert arbitrary web script via the year parameter.

  • CVE-2001-1522 (Dec 31, 2001)
    risk 0.00 cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via a message.

  • CVE-2001-0854 (Dec 6, 2001)
    risk 0.00 cvss epss 0.01

    PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary files by calling case.filemanager.php with admin.php as an argument, which sets the $PHP_SELF variable and makes it appear that case.filemanager.php is being called by admin.php instead of the user.

  • CVE-2001-0911 (Nov 21, 2001)
    risk 0.00 cvss epss 0.04

    PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it.

  • CVE-2001-1032 (Sep 24, 2001)
    risk 0.00 cvss epss 0.03

    admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and…

  • CVE-2001-1025 (Aug 31, 2001)
    risk 0.00 cvss epss 0.03

    PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php.

  • CVE-2001-0001 (Jun 2, 2001)
    risk 0.00 cvss epss 0.02

    cookiedecode function in PHP-Nuke 4.4 allows users to bypass authentication and gain access to other user accounts by extracting the authentication information from a cookie.

  • CVE-2001-0321 (May 3, 2001)
    risk 0.00 cvss epss 0.02

    opendir.php script in PHP-Nuke allows remote attackers to read arbitrary files by specifying the filename as an argument to the requesturl parameter.

  • CVE-2001-0320 (May 3, 2001)
    risk 0.00 cvss epss 0.03

    bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allow remote attackers to read arbitrary files and gain PHP administrator privileges by inserting a null character and .. (dot dot) sequences into a malformed username argument.
