1732 matches found
Design/Logic Flaw
The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying tha...
CVE-2006-0805
The CVE-2006-0805 issue affects php-Nuke 6.0–7.9 where CAPTCHA uses fixed challenge/response pairs that vary only daily based on the User-Agent. An attacker can bypass CAPTCHA by fixing HTTP_USER_AGENT, performing a valid challenge/response, and replaying that pair in the random_num and gfx_check...
CVE-2006-0805
The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying tha...
PHP-Nuke 7.x - CAPTCHA Bypass
PHP-Nuke 7.x - CAPTCHA Bypass source: https://www.securityfocus.com/bid/16722/info The CAPTCHA implementation of PHPNuke may be bypassed by remote attackers due to a design error. This may be used to carry out other attacks such as brute-force attempts against the login page. ------ real life...
PHP-Nuke 7.x - CAPTCHA Bypass
source: https://www.securityfocus.com/bid/16722/info The CAPTCHA implementation of PHPNuke may be bypassed by remote attackers due to a design error. This may be used to carry out other attacks such as brute-force attempts against the login page. ------ real life exploit ------ phpNuke CAPTCHA...
SQL injection
SQL injection vulnerability in index.php in the Your_Account module in PHP-Nuke 7.8 and earlier allows remote attackers to execute arbitrary SQL commands via the username variable (Nickname field)...
CVE-2006-0679
SQL injection vulnerability in index.php in the Your_Account module in PHP-Nuke 7.8 and earlier allows remote attackers to execute arbitrary SQL commands via the username variable (Nickname field)...
CVE-2006-0679
PHP-Nuke 7.8 and earlier is vulnerable to a SQL injection in the Your_Account module (index.php) via the username field, enabling remote attackers to manipulate SQL queries. The vulnerability is demonstrated in the Your_Account workflow (e.g., new_user) where user input is not properly sanitized ...
Cross site scripting
Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 to 7.8 allows remote attackers to inject arbitrary web script or HTML via the pagetitle parameter...
CVE-2006-0676
Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 to 7.8 allows remote attackers to inject arbitrary web script or HTML via the pagetitle parameter...
CVE-2005-4715
CVE-2005-4715 concerns multiple SQL injection vulnerabilities in PHP-Nuke 7.8. The flaw occurs in modules.php when magic_quotes_gpc is disabled, allowing remote attackers to inject arbitrary SQL via the POST parameters (name, sid, pid) that bypass security checks applied to GET requests. Affected...
CVE-2006-0676
The CVE-2006-0676 entry describes a Cross‑Site Scripting (XSS) vulnerability in PHP-Nuke, affecting version 6.0 through 7.8. The issue resides in header.php and allows an attacker to inject arbitrary script/HTML via the pagetitle parameter, potentially affecting any pages that reflect this input....
CVE-2005-4715
Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) sid, and (3) pid parameters in a POST request, which bypasses security checks that are performed for GET requests...
[SA18820] PHP-Nuke "pagetitle" Cross-Site Scripting Vulnerability
TITLE: PHP-Nuke "pagetitle" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA18820 VERIFY ADVISORY: http://secunia.com/advisories/18820/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: PHP-Nuke 7.x http://secunia.com/product/2385/ PHP-Nuke 6.x...
PHP-Nuke 6.x/7.x - 'header.php?Pagetitle' Cross-Site Scripting
source: https://www.securityfocus.com/bid/16608/info PHPNuke is prone to a cross-site scripting vulnerability. This issue affects the 'header.php' script. PHPNuke 7.8 and prior versions are reportedly vulnerable. http://www.example.com/nuke78/?pagetitle=w00ttest...
CVE-2006-0308
PHP remote file inclusion vulnerability in htmltonuke.php in the htmltonuke 2.0 alpha, and possibly other versions, module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the filnavn parameter...
CVE-2006-0308
CVE-2006-0308 affects the htmltonuke.php module for PHP-Nuke (htmltonuke 2.0 alpha and possibly other versions). The vulnerability is a PHP remote file inclusion in the filnavn parameter, enabling remote attackers to execute arbitrary PHP code. Root cause: improper handling of URLs/filenames in t...