CVE-2004-2294

Canonicalize-before-filter error in the sendreview function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences in the text parameter, which is checked for dangerous sequences before it is canonicalized, leadin...

CVE-2002-2032

sqllayer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query information by setting the sqldebug parameter to 1 index.php and 2 modules.php...

CVE-2002-1995

Cross-site scripting XSS vulnerability in phptonuke.php for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the filnavn parameter...

CVE-2002-1803

Cross-site scripting XSS vulnerability in PHP-Nuke 6.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag...

CVE-2005-3016

Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke before 7.9 Final have unknown impact and attack vectors...

CVE-2003-1526

PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as 1 ", 2 ', or 3 in the search field, which reveals the path in an error message...

CVE-2005-0613

Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files...

PHP-Nuke Top Module SQL Injection

Exploit Title: PHP-Nuke SQL injection Top Module + protection Bypass Google Dork: intext: Powered by PHP-Nuke Date: 2024-10-07 Exploit Author: Emiliano Febbi Vendor Homepage: https://phpnuke.org/ Software Link: https://sourceforge.net/projects/phpnuke/files/phpnuke/ Version: 6.x New concept of...

SUSE CVE-2003-0279

Multiple SQL injection vulnerabilities in the WebLinks module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using 1 the viewlink function and cid parameter, or 2 index.php...

PHP-Nuke SQL Injection Vulnerability (CNVD-2021-28375)

PHP-Nuke is a web-based automated news publishing and content management system. A SQL injection vulnerability exists in the "User Registration" section of PHP-Nuke version 8.3.3. An attacker can exploit this vulnerability to achieve remote code execution...

CVE-2021-30177

There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE...

CVE-2021-30177

There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE...

Sql injection

There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE...

CVE-2021-30177

CVE-2021-30177 corresponds to a SQL Injection vulnerability in PHP-Nuke 8.3.3 (User Registration) that can lead to remote code execution. Root cause described across sources: input validation failures, specifically U.S. state not restricted to two letters and the OrderBy parameter not limited to ...

CVE-2021-30177

There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE...

PT-2021-18652 · Php Nuke · Php-Nuke

Name of the Vulnerable Software and Affected Versions: PHP-Nuke version 8.3.3 Description: The issue is related to a SQL Injection vulnerability in the User Registration section, which can lead to remote code execution. This occurs due to the lack of validation for the U.S. state, which should be...

PHP-Nuke Information Disclosure Vulnerability

An information disclosure vulnerability exists in PHP-Nuke version 8.0. Due to the disclosure of the installation path in an error message, a remote attacker can obtain sensitive information by directly requesting the .php file...

Nuke Evolution 2.0.9d - Multiple CS Cross Site Vulnerabilities

Document Title: =============== Nuke Evolution 2.0.9d - Multiple CS Cross Site Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1894 Release Date: ============= 2016-08-09 Vulnerability Laboratory ID VL-ID:...

Nuke Evolution 2.0.9d - Multiple CS Cross Site Vulnerabilities

Document Title: =============== Nuke Evolution 2.0.9d - Multiple CS Cross Site Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1894 Release Date: ============= 2016-08-08 Vulnerability Laboratory ID VL-ID:...

PHP Nuke Module Emporium modules php SQL Injection (CVE-2007-1034)

An SQL injection vulnerability has been reported in PHP-Nuke Emporium Module. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...