CVE-2004-1830

error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid 1 language, 2 newlang, or 3 lang parameter, which leaks the pathname in a PHP error message...

CVE-2004-1930

Technical details beyond the initial description are not provided in the connected documents. Monitor for updates and vendor advisories for any fixes or affected versions.

CVE-2004-1914

Affected software : NukeCalendar 1.1.a as used in PHP-Nuke. Vulnerability : SQL injection in modules.php via the eid parameter. This allows remote attackers to execute arbitrary SQL commands. Impact : Partial confidentiality, integrity, and availability impact as per CVSS; attacker can compromise...

CVE-2004-1839

MS Analysis module 2.0 for PHP-Nuke exposes full path disclosure via direct requests to browsers.php, mstrack.php, or title.php, enabling Information Disclosure without user interaction. Root cause: PHP error messages reveal filesystem paths. The provided documents do not specify a patched versio...

CVE-2004-1972

CVE-2004-1972: SQL injection in PHP-Nuke Video Gallery Module 0.1 Beta 5 (modules.php) allows remote attackers to inject arbitrary SQL via clipid or catid parameters in viewclip, viewcat, or voteclip actions. Vulnerable component is the module’s handling of these parameters, enabling unauthorized...

CVE-2004-2020

Multiple cross-site scripting XSS vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the 1 optionbox parameter in the News module, 2 date parameter in the Statistics module, 3 year, month, and month1 parameters in the StoriesArchive...

CVE-2004-1932

SQL injection vulnerability in 1 auth.php and 2 admin.php in PHP-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL code and create an administrator account via base64-encoded SQL in the admin parameter...

CVE-2004-1820

The CVE-2004-1820 entry concerns PHP remote file inclusion in displaycategory.php of 4nalbum 0.92 running on PHP-Nuke 6.5–7.0. The underlying flaw allows an attacker to cause arbitrary PHP code execution by altering the basepath parameter to point to a URL on a remote web server that serves fileF...

CVE-2004-1999

CVE-2004-1999 describes a Cross-site scripting (XSS) vulnerability in the Downloads module of Php-Nuke 6.x through 7.2. The issue allows remote attackers to inject arbitrary HTML and web script via the ttitle or sid parameters to modules.php. Affected software is Php-Nuke, version range 6.x–7.2, ...

CVE-2004-1998

CVE-2004-1998 affects Php-Nuke (Downloads module) versions 6.x–7.2. The issue stems from an invalid show parameter to modules.php, which causes a PHP error message that reveals the full filesystem path, enabling information disclosure. Impact is limited to confidentiality (full path exposure); ex...

CVE-2004-2000

SQL injection vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL via the 1 orderby or 2 sid parameters to modules.php...

CVE-2004-1999

Cross-site scripting XSS vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to inject arbitrary HTML and web script via the 1 ttitle or 2 sid parameters to modules.php...

CVE-2004-1998

The Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to gain sensitive information via an invalid show parameter to modules.php, which reveals the full path in a PHP error message...

CVE-2004-2000

The vuln is in Php-Nuke (Downloads module) versions 6.x through 7.2, caused by an SQL injection in modules.php via the (1) orderby or (2) sid parameters. This allows remote attackers to modify/execute arbitrary SQL as described in CVE-2004-2000. No remediation or patch details are provided in the...

CVE-2004-1839

MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to 1 browsers.php, 2 mstrack.php, or 3 title.php, which reveal the full path in a PHP error message...

CVE-2004-2044

PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi PHP function with $SERVER'PHPSELF' to identify the calling script, which allows remote attackers to directly access scripts,...

CVE-2004-1821

CVE-2004-1821 describes an SQL injection vulnerability in the PHP-Nuke module 4nalbum 0.92, affecting versions 6.5 through 7.0. The issue arises from the gid parameter, enabling remote attackers to perform unauthorized database operations or gain privileges. Public references in CVE records conso...

CVE-2004-1820

PHP remote file inclusion vulnerability in displaycategory.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary PHP code by modifying the basepath parameter to reference a URL on a remote web server that contains fileFunctions.php...

CVE-2004-1840

Multiple cross-site scripting XSS vulnerabilities in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the 1 screen parameter to modules.php, 2 modulename parameter to title.php, 3 sortby parameter to modules.php, or 4 overview parameter to...

CVE-2004-1819

CVE-2004-1819 affects 4nalbum 0.92 running with PHP-Nuke 6.5–7.0. The issue is an information disclosure via a direct request to displaycategory.php, where an error message reveals the filesystem path. This results in partial confidentiality impact (information disclosure). The connected document...