CVE-2004-1818

CVE-2004-1818 describes a cross-site scripting (XSS) vulnerability in the nmimage.php script of 4nalbum 0.92 running on PHP-Nuke 6.5–7.0. Attackers can inject arbitrary script via the z parameter to execute code in the context of other users. The provided documents do not specify exploit details,...

CVE-2004-2018

Php-Nuke 6.x–7.3 is affected by a PHP remote file inclusion vulnerability in index.php, exploitable by altering the modpath parameter to reference a URL on a remote server containing malicious code, enabling remote code execution. The initial documents do not provide specific remediation steps or...

CVE-2004-1972

CVE-2004-1972: SQL injection in PHP-Nuke Video Gallery Module 0.1 Beta 5 (modules.php) allows remote attackers to inject arbitrary SQL via clipid or catid parameters in viewclip, viewcat, or voteclip actions. Vulnerable component is the module’s handling of these parameters, enabling unauthorized...

CVE-2004-1959

The CVE-2004-1959 entry affects Protector System 1.15b1 for PHP-Nuke, where blocker_query.php exposes sensitive path information through the portNum parameter in an error message. This is a remote information-disclosure vulnerability that allows attackers to learn server filesystem paths. The ava...

CVE-2004-1817

This CVE affects Php-Nuke 7.1.0, where a cross-site scripting (XSS) vulnerability exists in modules.php. The issue allows an attacker to inject arbitrary web script or HTML through user-supplied input in multiple fields: Your Name, e-mail, nicname, fname, ratenum, and search. The root cause is im...

CVE-2004-2044

CVE-2004-2044 affects PHP-Nuke 7.3 and related products that use the PHP-Nuke codebase (e.g., Nuke Cops betaNC bundle, OSCNukeLite 3.1, OSC2Nuke 7x). It arises from improper use of eregi() with $_SERVER['PHP_SELF'] to identify the calling script, enabling remote attackers to directly access scrip...

CVE-2004-2019

The CVE-2004-2019 entry concerns the WebLinks module of Php-Nuke 6.x–7.3. The vulnerability arises from an invalid show parameter in the WebLinks module, which allows remote attackers to obtain sensitive information by triggering a PHP error that reveals the full filesystem path. Affected softwar...

CVE-2004-1999

CVE-2004-1999 describes a Cross-site scripting (XSS) vulnerability in the Downloads module of Php-Nuke 6.x through 7.2. The issue allows remote attackers to inject arbitrary HTML and web script via the ttitle or sid parameters to modules.php. Affected software is Php-Nuke, version range 6.x–7.2, ...

CVE-2004-1998

CVE-2004-1998 affects Php-Nuke (Downloads module) versions 6.x–7.2. The issue stems from an invalid show parameter to modules.php, which causes a PHP error message that reveals the full filesystem path, enabling information disclosure. Impact is limited to confidentiality (full path exposure); ex...

CVE-2004-1913

The CVE-2004-1913 entry documents a cross-site scripting (XSS) vulnerability in the NukeCalendar 1.1.a module (as used in PHP-Nuke), exploitable via the eid parameter in modules.php. This allows remote attackers to inject arbitrary web script or HTML. The available references confirm the affected...

CVE-2004-2019

The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message...

CVE-2004-1830

error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid 1 language, 2 newlang, or 3 lang parameter, which leaks the pathname in a PHP error message...

CVE-2004-1930

Technical details beyond the initial description are not provided in the connected documents. Monitor for updates and vendor advisories for any fixes or affected versions.

CVE-2004-1820

PHP remote file inclusion vulnerability in displaycategory.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary PHP code by modifying the basepath parameter to reference a URL on a remote web server that contains fileFunctions.php...

CVE-2004-1818

Cross-site scripting XSS vulnerability in nmimage.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary script as other users by injecting arbitrary script into the z parameter...

CVE-2004-1821

SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to gain privileges or perform unauthorized database operations via the gid parameter...

CVE-2004-1829

Multiple cross-site scripting XSS vulnerabilities in error.php in Gijza.net Error Manager 2.1 for PHP-Nuke 6.0 allow remote attackers to inject arbitrary web script or HTML via the 1 pagetitle or 2 error parameters, or 3 certain parameters in the error log...

CVE-2004-1839

MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to 1 browsers.php, 2 mstrack.php, or 3 title.php, which reveal the full path in a PHP error message...

CVE-2004-1841

SQL injection vulnerability in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL via the referer field in an HTTP request...

CVE-2004-1842

Cross-site request forgery CSRF vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php...