CVE-2002-1803
CVE-2002-1803 describes a cross-site scripting (XSS) flaw in PHP-Nuke 6.0 that allows remote attackers to inject arbitrary script/HTML via Javascript in an IMG tag. Affected software is PHP-Nuke 6.0; the root cause is an XSS vulnerability exposed by image tags, enabling arbitrary code execution i...
CVE-2002-1803
Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag...
PHP nuke XSS vulnerability
PHP nuke exploit. Affects: all versions of PHP nuke. Solution: better filtering of offsite avatar selection. In the avatar selection of the profile, you have the option of linking to an offsite image. This is the perfect place for an exploit. By placing this line of code into the b...
PHP-Nuke 7.x - Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/18186/info PHP-Nuke is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote files containing...
CVE-2003-1210
The CVE-2003-1210 entry describes multiple SQL injection vulnerabilities in the PHP-Nuke Downloads module (versions 5.x through 6.5). The root cause is unsafely constructed SQL queries exposed via the lid parameter to getit and the min parameter to search, allowing remote attackers to execute arb...
CVE-2003-1210
Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via (1) the lid parameter to the getit function or (2) the min parameter to the search function...
CVE-2004-2020
CVE-2004-2020 affects Php-Nuke 6.x through 7.3. The vulnerability is a set of cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary HTML or scripts via user-supplied input in specific parameters: optionbox (News module), date (Statistics module), year/month/month_1 (Sto...
CVE-2004-2000
The vulnerability is in Php-Nuke (Downloads module) versions 6.x through 7.2, caused by an SQL injection in modules.php via the (1) orderby or (2) sid parameters. This allows remote attackers to modify/execute arbitrary SQL as described in CVE-2004-2000. No remediation or patch details are provided in the...
CVE-2004-1912
The CVE-2004-1912 issue affects NukeCalendar 1.1.a (as used in PHP-Nuke). The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, and (4) block-Calendar_center.php scripts can disclose the full filesystem path via an error message when a URL with an invalid argument is requested. Th...
CVE-2004-1842
PHP-Nuke 6.x through 7.1.0 is affected by a CSRF that lets an attacker gain administrative privileges via an image tag pointing to admin.php. The PT-2004-2741 entry confirms the issue and recommends upgrading to a version containing the fix; no specific fixed version is provided in the sources.
CVE-2004-1839
MS Analysis module 2.0 for PHP-Nuke exposes full path disclosure via direct requests to browsers.php, mstrack.php, or title.php, enabling Information Disclosure without user interaction. Root cause: PHP error messages reveal filesystem paths. The provided documents do not specify a patched versio...
CVE-2004-1830
CVE-2004-1830: The error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information by supplying invalid (language, newlang, or lang) parameters, which leaks the pathname in a PHP error message. This is an information-disclosure issue affecting the specified...
CVE-2004-1829
Affected product: Gijza.net Error Manager 2.1 for PHP-Nuke 6.0. Vulnerability: multiple cross-site scripting (XSS) in error.php, exploitable via the pagetitle, error, or certain error-log parameters. Root cause: insufficient input validation in error handling leading to injection of arbitrary web...
CVE-2004-1821
CVE-2004-1821 describes an SQL injection vulnerability in the PHP-Nuke module 4nalbum 0.92, affecting versions 6.5 through 7.0. The issue arises from the gid parameter, enabling remote attackers to perform unauthorized database operations or gain privileges. Public references in CVE records conso...
CVE-2004-1971
The CVE-2004-1971 entry concerns PHP-Nuke Video Gallery Module 0.1 Beta 5: remote attackers can cause an error message by issuing HTTP requests with invalid catid or clipid parameters, causing disclosure of the full server path. Affected component: PHP-Nuke Video Gallery Mod...
CVE-2004-1932
This CVE (CVE-2004-1932) affects PHP-Nuke 6.x through 7.2, with a SQL injection in auth.php and admin.php. The underlying flaw allows remote attackers to inject SQL and create an administrator account via base64-encoded SQL in the admin parameter. The connected sources confirm the vulnerable comp...
CVE-2004-1914
Affected software: NukeCalendar 1.1.a as used in PHP-Nuke. Vulnerability: SQL injection in modules.php via the eid parameter. This allows remote attackers to execute arbitrary SQL commands. Impact: Partial confidentiality, integrity, and availability impact as per CVSS; attacker can compromise...
CVE-2004-1841
CVE-2004-1841 concerns a SQL injection in MS Analysis module 2.0 for PHP-Nuke, allowing remote attackers to execute arbitrary SQL via the Referer header in an HTTP request. The available documents identify the affected component and the general vulnerability class but do not provide version-speci...
CVE-2004-1840
CVE-2004-1840 affects the MS Analysis module 2.0 for PHP-Nuke. The vulnerability is multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary JavaScript/HTML via (1) screen parameter to modules.php, (2) module_name parameter to title.php, (3) sortby parameter to mo...