VYPR

Downloads Module

by PHP-Nuke

CVEs (4)

  • CVE-2009-0302Jan 27, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8.1.0.3.5b and earlier allows remote authenticated users to execute arbitrary SQL commands via the url parameter in the Add operation to modules.php.

  • CVE-2003-1210Dec 31, 2003
    risk 0.03cvss epss 0.05

    Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function.

  • CVE-2005-0996May 2, 2005
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the email or url parameters in the Add function, (2) the min parameter in the viewsdownload function, or (3) the min parameter in…

  • CVE-2004-1998May 5, 2004
    risk 0.00cvss epss 0.01

    The Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to gain sensitive information via an invalid show parameter to modules.php, which reveals the full path in a PHP error message.