CVE-2004-2295
CVE-2004-2295 involves a SQL injection in the Reviews module of PHP-Nuke versions 6.0 through 7.3. The vulnerability allows remote attackers to execute arbitrary SQL commands by manipulating the order parameter, enabling potential data disclosure or modification. The provided documents identify t...
CVE-2004-2293
PHP-Nuke 6.0–7.3 is affected by multiple XSS flaws in the Encyclopedia module (via the eid parameter or the module query), in Reviews module via the preview_review function (parameters: url, cover, rlanguage, hits), and in Reviews via savecomment (uname parameter). Root cause: improper handling o...
CVE-2004-2296
CVE-2004-2296 affects the PHP-Nuke Reviews module (versions 6.0–7.3) where the preview_review function on Windows allows a remote attacker to obtain sensitive information by supplying an invalid date parameter, which triggers an error message. The vulnerability is described as a potential partial...
CVE-2004-2294
CVE-2004-2294 affects PHP-Nuke 6.0 through 7.3, where the send_review function in the Reviews module has a canonicalize-before-filter error. Text parameter processing allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences after the text is checked for dangero...
CVE-2004-2293
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover,...
CVE-2004-2294
Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences in the text parameter, which is checked for dangerous sequences before it is canonicalized, leadin...
CVE-2004-2295
SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to execute arbitrary SQL commands via the order parameter...
CVE-2004-2296
The preview_review function in the Reviews module in PHP-Nuke 6.0 to 7.3, when running on Windows systems, allows remote attackers to obtain sensitive information via an invalid date parameter, which generates an error message...
CVE-2004-2297
The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large, out-of-range score parameter...
CVE-2002-1995
CVE-2002-1995: A cross-site scripting (XSS) vulnerability in phptonuke.php for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the filnavn parameter. Affected component is phptonuke.php within PHP-Nuke; the underlying issue is input that is not properly sanitized, enab...
CVE-2001-1523
CVE-2001-1523 describes a cross-site scripting (XSS) vulnerability in the DMOZGateway module for PHP-Nuke. The issue stems from improper handling of the topic parameter, allowing remote attackers to inject arbitrary web script or HTML. Affected component: DMOZGateway within PHP-Nuke (topic parame...
CVE-2001-1522
The CVE-2001-1522 entry describes an XSS vulnerability in im.php of IMessenger for PHP-Nuke, allowing remote attackers to inject arbitrary script or HTML via a message. Affected software: IMessenger for PHP-Nuke; root cause: insufficient input sanitization in im.php. Impact: partial integrity im...
CVE-2002-2032
The CVE-2002-2032 issue affects PHP-Nuke 5.4 and earlier, where sql_layer.php’s debugging feature is not restricted. This enables remote attackers to disclose SQL query information by setting sql_debug (e.g., in index.php or modules.php). Impact is information disclosure of all SQL queries, not r...
CVE-2002-1995
Cross-site scripting (XSS) vulnerability in phptonuke.php for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the filnavn parameter...
CVE-2002-2032
sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query information by setting the sql_debug parameter to (1) index.php and (2) modules.php...
CVE-2001-1523
Cross-site scripting (XSS) vulnerability in the DMOZGateway module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the topic parameter...
CVE-2001-1524
Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload paramete...
CVE-2001-1522
Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via a message...
CVE-2001-1524
CVE-2001-1524 describes an XSS vulnerability in PHP-Nuke 5.3.1 and earlier. The flaw allows remote attackers to inject arbitrary web script or HTML via multiple parameters: (1) uname in user.php; (2) ttitle, letter and file in modules.php; (3) subject, story and storyext in submit.php; (4) upload...
sile002adv.txt
---- sile002 advisory + PoC PRODUCT: PHP-Nuke VERSION: 7.5 but other versions may also be vulnerable VENDOR: http://www.phpnuke.org VULNERABILITY: Multiple vulnerabilities RISK: High Found by: Silentium of Anacron Group Italy date: 02/05/2005 e-mail: anacrongroupitalyatautisticidotorg myhome:...