Vendor CVEs
PHP-Nuke
All CVEs
174 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-0731 | | | 0.00 | — | 0.02 | | Jul 27, 2004 | Cross-site scripting (XSS) vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary script as other users via the input field. |
| CVE-2004-0738 | | | 0.00 | — | 0.01 | | Jul 27, 2004 | Multiple SQL injection vulnerabilities in the Search module in Php-Nuke allow remote attackers to execute arbitrary SQL via the (1) min or (2) categ parameters. |
| CVE-2004-0737 | | | 0.00 | — | 0.02 | | Jul 27, 2004 | Multiple cross-site scripting vulnerabilities in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) max, (3) sel1, (4) sel2, (5) sel3, (6) sel4, (7) sel5, (8) match, (9) mod1, (10) mod2, or (11) mod3… |
| CVE-2004-1998 | | | 0.00 | — | 0.01 | | May 5, 2004 | The Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to gain sensitive information via an invalid show parameter to modules.php, which reveals the full path in a PHP error message. |
| CVE-2004-1999 | | | 0.00 | — | 0.01 | | May 5, 2004 | Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to inject arbitrary HTML and web script via the (1) ttitle or (2) sid parameters to modules.php. |
| CVE-2004-1984 | | | 0.00 | — | 0.03 | | May 2, 2004 | Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) phpinfo.php, (2) addpic.php, (3) config.php, (4) db_input.php, (5) displayecard.php, (6) ecard.php, (7) crop.inc.php, which reveal the full path… |
| CVE-2004-1971 | | | 0.00 | — | 0.01 | | Apr 26, 2004 | modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to gain sensitive information via an HTTP request with an invalid (1) catid or (2) clipid parameter, which reveals the full path in an error message. |
| CVE-2004-1839 | | | 0.00 | — | 0.01 | | Mar 22, 2004 | MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message. |
| CVE-2004-1840 | | | 0.00 | — | 0.01 | | Mar 22, 2004 | Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) screen parameter to modules.php, (2) module_name parameter to title.php, (3) sortby parameter to modules.php, or… |
| CVE-2004-1819 | | | 0.00 | — | 0.02 | | Mar 15, 2004 | 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to obtain sensitive information via a direct request to displaycategory.php, which reveals the path in an error message. |
| CVE-2003-1526 | | | 0.00 | — | 0.01 | | Dec 31, 2003 | PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message. |
| CVE-2003-1547 | | | 0.00 | — | 0.01 | | Dec 31, 2003 | Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter. |
| CVE-2003-0279 | | | 0.00 | — | 0.01 | | Jun 16, 2003 | Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php. |
| CVE-2003-0318 | | | 0.00 | — | 0.01 | | Jun 9, 2003 | Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and earlier allows remote attackers to insert arbitrary web script via the year parameter. |
| CVE-2001-1523 | | | 0.00 | — | 0.01 | | Dec 31, 2001 | Cross-site scripting (XSS) vulnerability in the DMOZGateway module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the topic parameter. |
| CVE-2001-1522 | | | 0.00 | — | 0.01 | | Dec 31, 2001 | Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via a message. |
| CVE-2001-0854 | | | 0.00 | — | 0.01 | | Dec 6, 2001 | PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary files by calling case.filemanager.php with admin.php as an argument, which sets the $PHP_SELF variable and makes it appear that case.filemanager.php is being called by admin.php instead of the user. |
| CVE-2001-0911 | | | 0.00 | — | 0.04 | | Nov 21, 2001 | PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it. |
| CVE-2001-1032 | | | 0.00 | — | 0.03 | | Sep 24, 2001 | admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and… |
| CVE-2001-1025 | | | 0.00 | — | 0.03 | | Aug 31, 2001 | PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php. |
| CVE-2001-0001 | | | 0.00 | — | 0.02 | | Jun 2, 2001 | cookiedecode function in PHP-Nuke 4.4 allows users to bypass authentication and gain access to other user accounts by extracting the authentication information from a cookie. |
| CVE-2001-0320 | | | 0.00 | — | 0.03 | | May 3, 2001 | bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote attackers to read arbitrary files and gain PHP administrator privileges by inserting a null character and .. (dot dot) sequences into a malformed username argument. |
| CVE-2001-0321 | | | 0.00 | — | 0.02 | | May 3, 2001 | opendir.php script in PHP-Nuke allows remote attackers to read arbitrary files by specifying the filename as an argument to the requesturl parameter. |
| CVE-2001-0292 | | | 0.00 | — | 0.02 | | May 3, 2001 | PHP-Nuke 4.4.1a allows remote attackers to modify a user's email address and obtain the password by guessing the user id (UID) and calling user.php with the saveuser operator. |