VYPR

Ev

by PHP-Nuke

CVEs (3)

  • CVE-2006-0163Jan 11, 2006
    risk 0.04cvss epss 0.07

    SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by the search field. NOTE: This is a different vulnerability than CVE-2005-3792.

  • CVE-2006-2828Jun 5, 2006
    risk 0.03cvss epss 0.02

    Global variable overwrite vulnerability in PHP-Nuke allows remote attackers to conduct remote PHP file inclusion attacks via a modified phpbb_root_path parameter to the admin scripts (1) index.php, (2) admin_ug_auth.php, (3) admin_board.php, (4) admin_disallow.php, (5)…

  • CVE-2006-0679Feb 16, 2006
    risk 0.00cvss epss 0.04

    SQL injection vulnerability in index.php in the Your_Account module in PHP-Nuke 7.8 and earlier allows remote attackers to execute arbitrary SQL commands via the username variable (Nickname field).