VYPR

Vendor CVEs

PHP-Nuke

All CVEs

174 total · sorted by risk
  • CVE-2004-0731Jul 27, 2004
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary script as other users via the input field.

  • CVE-2004-0738Jul 27, 2004
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in the Search module in Php-Nuke allow remote attackers to execute arbitrary SQL via the (1) min or (2) categ parameters.

  • CVE-2004-0737Jul 27, 2004
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting vulnerabilities in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) max, (3) sel1, (4) sel2, (5) sel3, (6) sel4, (7) sel5, (8) match, (9) mod1, (10) mod2, or (11) mod3…

  • CVE-2004-1998May 5, 2004
    risk 0.00cvss epss 0.01

    The Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to gain sensitive information via an invalid show parameter to modules.php, which reveals the full path in a PHP error message.

  • CVE-2004-1999May 5, 2004
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to inject arbitrary HTML and web script via the (1) ttitle or (2) sid parameters to modules.php.

  • CVE-2004-1984May 2, 2004
    risk 0.00cvss epss 0.03

    Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) phpinfo.php, (2) addpic.php, (3) config.php, (4) db_input.php, (5) displayecard.php, (6) ecard.php, (7) crop.inc.php, which reveal the full path…

  • CVE-2004-1971Apr 26, 2004
    risk 0.00cvss epss 0.01

    modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to gain sensitive information via an HTTP request with an invalid (1) catid or (2) clipid parameter, which reveals the full path in an error message.

  • CVE-2004-1839Mar 22, 2004
    risk 0.00cvss epss 0.01

    MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message.

  • CVE-2004-1840Mar 22, 2004
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) screen parameter to modules.php, (2) module_name parameter to title.php, (3) sortby parameter to modules.php, or…

  • CVE-2004-1819Mar 15, 2004
    risk 0.00cvss epss 0.02

    4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to obtain sensitive information via a direct request to displaycategory.php, which reveals the path in an error message.

  • CVE-2003-1526Dec 31, 2003
    risk 0.00cvss epss 0.01

    PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message.

  • CVE-2003-1547Dec 31, 2003
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter.

  • CVE-2003-0279Jun 16, 2003
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php.

  • CVE-2003-0318Jun 9, 2003
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and earlier allows remote attackers to insert arbitrary web script via the year parameter.

  • CVE-2001-1523Dec 31, 2001
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the DMOZGateway module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the topic parameter.

  • CVE-2001-1522Dec 31, 2001
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via a message.

  • CVE-2001-0854Dec 6, 2001
    risk 0.00cvss epss 0.01

    PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary files by calling case.filemanager.php with admin.php as an argument, which sets the $PHP_SELF variable and makes it appear that case.filemanager.php is being called by admin.php instead of the user.

  • CVE-2001-0911Nov 21, 2001
    risk 0.00cvss epss 0.04

    PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it.

  • CVE-2001-1032Sep 24, 2001
    risk 0.00cvss epss 0.03

    admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and…

  • CVE-2001-1025Aug 31, 2001
    risk 0.00cvss epss 0.03

    PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php.

  • CVE-2001-0001Jun 2, 2001
    risk 0.00cvss epss 0.02

    cookiedecode function in PHP-Nuke 4.4 allows users to bypass authentication and gain access to other user accounts by extracting the authentication information from a cookie.

  • CVE-2001-0320May 3, 2001
    risk 0.00cvss epss 0.03

    bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote attackers to read arbitrary files and gain PHP administrator privileges by inserting a null character and .. (dot dot) sequences into a malformed username argument.

  • CVE-2001-0321May 3, 2001
    risk 0.00cvss epss 0.02

    opendir.php script in PHP-Nuke allows remote attackers to read arbitrary files by specifying the filename as an argument to the requesturl parameter.

  • CVE-2001-0292May 3, 2001
    risk 0.00cvss epss 0.02

    PHP-Nuke 4.4.1a allows remote attackers to modify a user's email address and obtain the password by guessing the user id (UID) and calling user.php with the saveuser operator.

Page 4 of 4