Vendor CVEs
PHP-Nuke
All CVEs
174 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-2020 | | High | 0.49 | 7.5 | 0.02 | | Apr 30, 2008 | The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and… |
| CVE-2007-1061 | | | 0.08 | — | 0.61 | | Feb 22, 2007 | SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" block is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header (HTTP_REFERER variable). |
| CVE-2005-3792 | | | 0.07 | — | 0.44 | | Nov 24, 2005 | Multiple SQL injection vulnerabilities in the Search module in PHP-Nuke 7.8, and possibly other versions before 7.9 with patch 3.1, allows remote attackers to execute arbitrary SQL commands, as demonstrated via the query parameter in a stories type. |
| CVE-2006-0163 | | | 0.04 | — | 0.07 | | Jan 11, 2006 | SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by the search field. NOTE: This is a different vulnerability than CVE-2005-3792. |
| CVE-2004-0269 | | | 0.04 | — | 0.08 | | Nov 23, 2004 | SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module. |
| CVE-2004-2044 | | | 0.04 | — | 0.11 | | Jun 1, 2004 | PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to… |
| CVE-2004-1989 | | | 0.04 | — | 0.09 | | Apr 30, 2004 | PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_box.inc. |
| CVE-2004-1988 | | | 0.04 | — | 0.09 | | Apr 30, 2004 | PHP remote file inclusion vulnerability in init.inc.php in Coppermine Photo Gallery 1.2.0 RC4 allows remote attackers to execute arbitrary PHP code by modifying the CPG_M_DIR to reference a URL on a remote web server that contains functions.inc.php. |
| CVE-2004-1929 | | | 0.04 | — | 0.07 | | Apr 13, 2004 | SQL injection vulnerability in the bblogin function in functions.php in PHP-Nuke 6.x through 7.2 allows remote attackers to bypass authentication and gain access by injecting base64-encoded SQL code into the user parameter. |
| CVE-2004-1986 | | | 0.04 | — | 0.11 | | Apr 4, 2004 | Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the startdir parameter. |
| CVE-2002-0483 | | | 0.04 | — | 0.08 | | Aug 12, 2002 | index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname. |
| CVE-2002-0206 | | | 0.04 | — | 0.07 | | May 16, 2002 | index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter. |
| CVE-2001-0900 | | | 0.04 | — | 0.08 | | Nov 18, 2001 | Directory traversal vulnerability in modules.php in Gallery before 1.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the include parameter. |
| CVE-2001-0383 | | | 0.04 | — | 0.06 | | Jun 18, 2001 | banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to modify banner ad URLs by directly calling the Change operation, which does not require authentication. |
| CVE-2000-0745 | | | 0.04 | — | 0.12 | | Oct 20, 2000 | admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke administrator password, which allows remote attackers to gain privileges by requesting a URL that does not specify the aid or pwd parameter. |
| CVE-2014-3934 | | | 0.03 | — | 0.02 | | Jun 2, 2014 | SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php. |
| CVE-2010-5083 | | | 0.03 | — | 0.01 | | Feb 14, 2012 | SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php. |
| CVE-2008-7226 | | | 0.03 | — | 0.01 | | Sep 14, 2009 | SQL injection vulnerability in index.php in the Recipes module 1.3, 1.4, and possibly other versions for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the recipeid parameter. |
| CVE-2008-7038 | | | 0.03 | — | 0.01 | | Aug 24, 2009 | SQL injection vulnerability in the My_eGallery module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the gid parameter in a showgall action to modules.php. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect. |
| CVE-2008-6779 | | | 0.03 | — | 0.01 | | May 1, 2009 | SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a showcontent action to modules.php. |
| CVE-2009-0302 | | | 0.03 | — | 0.01 | | Jan 27, 2009 | SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8.1.0.3.5b and earlier allows remote authenticated users to execute arbitrary SQL commands via the url parameter in the Add operation to modules.php. |
| CVE-2008-5039 | | | 0.03 | — | 0.01 | | Nov 12, 2008 | Cross-site scripting (XSS) vulnerability in the League module for PHP-Nuke, possibly 2.4, allows remote attackers to inject arbitrary web script or HTML via the tid parameter in a team action to modules.php. |
| CVE-2008-4767 | | | 0.03 | — | 0.04 | | Oct 28, 2008 | Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. NOTE: the provenance of… |
| CVE-2008-3573 | | | 0.03 | — | 0.02 | | Aug 10, 2008 | The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francisco Burzi PHP-Nuke 8.1 provides a critical random number (the ts_random value) within the URL in the SRC attribute of an IMG element, which allows remote attackers to pass the CAPTCHA test via a calculation… |
| CVE-2008-3512 | | | 0.03 | — | 0.01 | | Aug 7, 2008 | SQL injection vulnerability in the Kleinanzeigen module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a visit action to modules.php. |
| CVE-2008-3513 | | | 0.03 | — | 0.01 | | Aug 7, 2008 | SQL injection vulnerability in the Book Catalog module 1.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to modules.php. |
| CVE-2008-3151 | | | 0.03 | — | 0.01 | | Jul 11, 2008 | SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_dvd action. |
| CVE-2008-1680 | | | 0.03 | — | 0.02 | | Apr 4, 2008 | PHP-Nuke Platinum 7.6.b.5 allows remote attackers to obtain configuration information via a direct request to maintenance/index.php, which reveals settings such as magic_quotes_gpc. |
| CVE-2008-1539 | | | 0.03 | — | 0.01 | | Mar 28, 2008 | SQL injection vulnerability in includes/dynamic_titles.php in PHP-Nuke Platinum 7.6.b.5 allows remote attackers to execute arbitrary SQL commands via the p parameter to modules.php for the Forums module. |
| CVE-2008-1348 | | | 0.03 | — | 0.01 | | Mar 17, 2008 | Cross-site scripting (XSS) vulnerability in index.php in the eWebsite eWeather (Weather) module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the chart parameter to modules.php. |
| CVE-2008-1315 | | | 0.03 | — | 0.01 | | Mar 13, 2008 | SQL injection vulnerability in the ZClassifieds module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter to modules.php. |
| CVE-2008-1298 | | | 0.03 | — | 0.01 | | Mar 12, 2008 | SQL injection vulnerability in Hadith module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter in a viewcat action to modules.php. |
| CVE-2008-1314 | | | 0.03 | — | 0.01 | | Mar 12, 2008 | SQL injection vulnerability in the Johannes Hass gaestebuch 2.2 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to modules.php. |
| CVE-2008-1308 | | | 0.03 | — | 0.01 | | Mar 12, 2008 | SQL injection vulnerability in the Sudirman Angriawan NukeC30 3.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action to modules.php. |
| CVE-2008-1219 | | | 0.03 | — | 0.01 | | Mar 10, 2008 | SQL injection vulnerability in the Kutub-i Sitte (KutubiSitte) 1.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the kid parameter in a hadisgoster action to modules.php. |
| CVE-2008-1220 | | | 0.03 | — | 0.01 | | Mar 10, 2008 | SQL injection vulnerability in the 4nChat 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the roomid parameter in an index action to modules.php. NOTE: the provenance of this information is unknown; the details are obtained solely from… |
| CVE-2008-1053 | | | 0.03 | — | 0.01 | | Feb 27, 2008 | Multiple SQL injection vulnerabilities in the Kose_Yazilari module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the artid parameter in a (1) viewarticle or (2) printpage action to modules.php. |
| CVE-2008-0934 | | | 0.03 | — | 0.01 | | Feb 25, 2008 | SQL injection vulnerability in modules.php in the NukeC 2.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action. |
| CVE-2008-0922 | | | 0.03 | — | 0.01 | | Feb 22, 2008 | SQL injection vulnerability in the Manuales 0.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewdownload action to modules.php. |
| CVE-2008-0907 | | | 0.03 | — | 0.01 | | Feb 22, 2008 | SQL injection vulnerability in the Inhalt module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| CVE-2008-0906 | | | 0.03 | — | 0.01 | | Feb 22, 2008 | SQL injection vulnerability in the Docum module in PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle operation. |
| CVE-2008-0880 | | | 0.03 | — | 0.01 | | Feb 21, 2008 | SQL injection vulnerability in modules.php in the EasyContent module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the page_id parameter. |
| CVE-2008-0879 | | | 0.03 | — | 0.01 | | Feb 21, 2008 | SQL injection vulnerability in modules.php in the Web_Links module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewlink action. |
| CVE-2008-0881 | | | 0.03 | — | 0.01 | | Feb 21, 2008 | SQL injection vulnerability in modules.php in the Okul 1.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the okulid parameter in an okullar action. |
| CVE-2008-0827 | | | 0.03 | — | 0.01 | | Feb 19, 2008 | SQL injection vulnerability in the Books module of PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| CVE-2008-0461 | | | 0.03 | — | 0.02 | | Jan 25, 2008 | SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. NOTE: some of these details… |
| CVE-2007-6376 | | | 0.03 | — | 0.03 | | Dec 15, 2007 | Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filename parameter, a different vector than CVE-2006-4190. NOTE: the provenance of this information… |
| CVE-2007-5918 | | | 0.03 | — | 0.01 | | Nov 10, 2007 | Cross-site request forgery (CSRF) vulnerability in edit.php in the MS TopSites add-on for PHP-Nuke does not verify that the uname parameter matches the current account, which allows remote authenticated users to change arbitrary accounts or change the SiteTitleName field as an… |
| CVE-2007-5676 | | | 0.03 | — | 0.02 | | Oct 24, 2007 | PHP remote file inclusion vulnerability in modules/Forums/favorites.php in PHP-Nuke Platinum 7.6.b.5 allows remote attackers to execute arbitrary PHP code via a URL in the nuke_bb_root_path parameter. |
| CVE-2007-5069 | | | 0.03 | — | 0.03 | | Sep 24, 2007 | Directory traversal vulnerability in data/compatible.php in the Nuke Mobile Entertainment 1 addon for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter. |

Page 1 of 4