PHP-Nuke 7.8 - 'modules.php' SQL Injection

/ PHP-Nuke 4.0 coded by 1dt.w0lf RST/GHC http://rst.void.ru http://ghc.ru / // tested on 7.8 include include include include include include include define START 47 define END 103 define SZ 1024 define PORT 80 define PREFIX "nuke" define SQL...

PHP-Nuke 7.8 - modules.php SQL Injection

PHP-Nuke 7.8 - modules.php SQL Injection / PHP-Nuke 4.0 coded by 1dt.w0lf RST/GHC http://rst.void.ru http://ghc.ru / // tested on 7.8 include include include include include include include define START 47 define END 103 define SZ 1024 define PORT 80 define PREFIX "nuke" define SQL...

CVE-2002-1996

Cross-site scripting XSS vulnerability in PostNuke 0.71 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 name parameter in modules.php and 2 catid parameter in index.php...

CVE-2004-1954

Cross-site scripting XSS vulnerability in modules.php in phProfession 2.5 allows remote attackers to inject arbitrary web script or HTML via the jcode parameter...

CVE-2004-1914

Affected software : NukeCalendar 1.1.a as used in PHP-Nuke. Vulnerability : SQL injection in modules.php via the eid parameter. This allows remote attackers to execute arbitrary SQL commands. Impact : Partial confidentiality, integrity, and availability impact as per CVSS; attacker can compromise...

CVE-2004-1954

CVE-2004-1954 affects phProfession 2.5, with a vulnerability in modules.php that allows remote injection of arbitrary script/HTML via the jcode parameter (XSS). The provided documents specify the affected file and parameter but do not include mitigation, patch versions, or concrete exploit detail...

CVE-2004-2000

SQL injection vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL via the 1 orderby or 2 sid parameters to modules.php...

CVE-2004-1913

The CVE-2004-1913 entry documents a cross-site scripting (XSS) vulnerability in the NukeCalendar 1.1.a module (as used in PHP-Nuke), exploitable via the eid parameter in modules.php. This allows remote attackers to inject arbitrary web script or HTML. The available references confirm the affected...

CVE-2004-1955

The CVE-2004-1955 entry describes a SQL injection in the phProfession 2.5 package, specifically via the offset parameter in modules.php. Affected software: phProfession 2.5; vulnerable component: modules.php. Root cause: improper handling of the offset input enables arbitrary SQL execution by rem...

CVE-2005-0721

PHP remote file inclusion vulnerability in modules.php in eXPerience2 allows remote attackers to execute arbitrary PHP code by modifying the file parameter to reference a URL on a remote web server that contains the code...

CVE-2005-1024

modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain sensitive information via a direct request to 1 myheadlines, 2 userinfo, or 3 search, which reveals the path in a PHP error message...

CVE-2004-0663

CVE-2004-0663 affects PowerPortal 1.x, where a cross-site scripting (XSS) flaw exists in modules.php. The vulnerability enables injection of arbitrary script or HTML via (1) id in the private_messages module, (2) search in the links and content modules, and (3) files in the gallery module. These ...

CVE-2004-0265

This CVE concerns a Cross-site Scripting (XSS) vulnerability in Php-Nuke 6.x-7.1.0, specifically in modules.php. The vulnerability allows remote attackers to execute arbitrary script as other users by manipulating URL-encoded parameters (1) title or (2) fname in the News or Reviews modules. Affec...

PHP-Nuke 6.0 - modules.php Denial of Service

PHP-Nuke 6.0 - modules.php Denial of Service source: https://www.securityfocus.com/bid/6465/info A denial of service vulnerability has been reported for the modules.php script used by PHP-Nuke. The vulnerability occurs because the modules.php script does not properly validate some URI parameters...

PHP-Nuke 5.6 - 'modules.php' SQL Injection

source: https://www.securityfocus.com/bid/6088/info A SQL injection vulnerability has been reported for PHP-Nuke 5.6. The vulnerability is due to insufficient sanitization of variables used to construct SQL queries in some scripts. It is possible to modify the logic of SQL queries through malform...

PHP-Nuke 1.0/2.5/3.0/4.x/5.x/6.x/7.x - 'modules.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/3609/info PHPNuke is a website creation/maintenance tool. PHPNuke is prone to cross-site scripting attacks. It is possible to create a link to the PHPNuke user information page, 'user.php', which contains malicious script code. When the link is clicked by...

PHP-Nuke 1.02.53.04.x5.x6.x7.x - modules.php Multiple Cross-Site Scripting Vulnerabilities

PHP-Nuke 1.02.53.04.x5.x6.x7.x - modules.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/3609/info PHPNuke is a website creation/maintenance tool. PHPNuke is prone to cross-site scripting attacks. It is possible to create a link to the PHPNuke user...