Lucene search
K
Francisco BurziPhp-nuke

94 matches found

CVE
CVE
added 2005/05/10 4:0 a.m.123 views

CVE-2004-1988

The CVE-2004-1988 entry documents a PHP remote file inclusion in Coppermine Photo Gallery 1.2.0 RC4. The vulnerability arises when the CPG_M_DIR setting is manipulated to reference a URL on a remote server that serves functions.inc.php, allowing an attacker to execute arbitrary PHP code on the af...

7.5CVSS8AI score0.09331EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.121 views

CVE-2001-1032

PHP-Nuke 5.2 and earlier (except 5.0RC1) is vulnerable to an arbitrary file upload via admin.php due to missing authentication for upload operations. An attacker can copy/upload arbitrary files and read the PHP-Nuke configuration by invoking admin.php with an upload parameter and a target file. T...

7.5CVSS6.8AI score0.03124EPSS
CVE
CVE
added 2002/05/03 4:0 a.m.76 views

CVE-2002-0206

The CVE-2002-0206 issue affects PHP-Nuke: index.php may include a URL to remote code via the file parameter, enabling remote arbitrary PHP code execution on servers running PHP-Nuke 5.3.1 and earlier (and possibly versions before 5.5). Root cause is PHP’s include() reading a URL without validatin...

7.5CVSS7.6AI score0.06497EPSS
CVE
CVE
added 2006/02/28 2:0 a.m.73 views

CVE-2006-0908

CVE-2006-0908 affects PHP-Nuke 7.8 Patched 3.2. A remote attacker can bypass SQL injection protections via /%2a /* sequences containing the word ad_click in the query string (kala parameter). The NVD description notes this as a SQL injection bypass vulnerability with a base CVSSv2 score of 7.5 (H...

7.5CVSS7.6AI score0.01765EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.71 views

CVE-2002-2032

The CVE-2002-2032 issue affects PHP-Nuke 5.4 and earlier, where sql_layer.php’s debugging feature is not restricted. This enables remote attackers to disclose SQL query information by setting sql_debug (e.g., in index.php or modules.php). Impact is information disclosure of all SQL queries, not r...

5CVSS7.2AI score0.05854EPSS
CVE
CVE
added 2007/02/22 12:0 a.m.70 views

CVE-2007-1061

CVE-2007-1061 involves a SQL injection in PHP-Nuke (index.php) for PHP-Nuke 8.0 Final and earlier when the HTTP Referers block is enabled. The vulnerability allows remote attackers to inject SQL via the HTTP_REFERER header (Referer). CVSS metrics from NVD indicate a base score of 6.8 (MEDIUM) wit...

6.8CVSS8.4AI score0.60766EPSS
CVE
CVE
added 2007/01/19 11:0 p.m.67 views

CVE-2007-0372

CVE-2007-0372 involves multiple SQL injection flaws in PHP-Nuke 7.9. The vulnerabilities allow remote attackers to execute arbitrary SQL commands through parameters in admin/modules/modules.php (active) and modules/Advertising/admin/index.php (ad_class, imageurl, clickurl, ad_code, position), plu...

7.5CVSS8.5AI score0.03855EPSS
Web
CVE
CVE
added 2005/02/15 5:0 a.m.64 views

CVE-2005-0433

Technical details about CVE-2005-0433 are not publicly provided in the supplied documents. Available sources describe a path disclosure in Php-Nuke 7.5. Monitor for updates on affected versions, impact, and fixes.

5CVSS7.2AI score0.01689EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.63 views

CVE-2001-1524

CVE-2001-1524 describes an XSS vulnerability in PHP-Nuke 5.3.1 and earlier. The flaw allows remote attackers to inject arbitrary web script or HTML via multiple parameters: (1) uname in user.php; (2) ttitle, letter and file in modules.php; (3) subject, story and storyext in submit.php; (4) upload...

4.3CVSS6AI score0.02013EPSS
CVE
CVE
added 2005/05/19 4:0 a.m.62 views

CVE-2003-1210

The CVE-2003-1210 entry describes multiple SQL injection vulnerabilities in the PHP-Nuke Downloads module (versions 5.x through 6.5). The root cause is unsafely constructed SQL queries exposed via the lid parameter to getit and the min parameter to search, allowing remote attackers to execute arb...

7.5CVSS9.1AI score0.05365EPSS
CVE
CVE
added 2005/05/10 4:0 a.m.62 views

CVE-2004-1839

MS Analysis module 2.0 for PHP-Nuke exposes full path disclosure via direct requests to browsers.php, mstrack.php, or title.php, enabling Information Disclosure without user interaction. Root cause: PHP error messages reveal filesystem paths. The provided documents do not specify a patched versio...

5CVSS6.6AI score0.01181EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.61 views

CVE-2001-1522

The CVE-2001-1522 entry describes an XSS vulnerability in im.php of IMessenger for PHP-Nuke , allowing remote attackers to inject arbitrary script or HTML via a message. Affected software: IMessenger for PHP-Nuke; root cause: insufficient input sanitization in im.php. Impact: partial integrity im...

4.3CVSS5.9AI score0.00992EPSS
CVE
CVE
added 2005/05/10 4:0 a.m.61 views

CVE-2004-1989

The CVE-2004-1989 entry affects Coppermine Photo Gallery 1.2.2b, where a vulnerability in theme.php allows a remote attacker to execute arbitrary PHP code by altering THEME_DIR to reference a URL containing user_list_info_box.inc. This is a PHP remote file inclusion flaw with network access, no a...

7.5CVSS8AI score0.09331EPSS
CVE
CVE
added 2005/02/15 5:0 a.m.61 views

CVE-2005-0434

Affected product: Php-Nuke 7.5. The CVE describes multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary HTML or web script via parameters (1) newdownloadshowdays in a NewDownloads operation or (2) newlinkshowdays in a NewLinks operation. Root cause is...

4.3CVSS6.1AI score0.01242EPSS
CVE
CVE
added 2005/05/10 4:0 a.m.60 views

CVE-2004-1912

The CVE-2004-1912 issue affects NukeCalendar 1.1.a (as used in PHP-Nuke). The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, and (4) block-Calendar_center.php scripts can disclose the full filesystem path via an error message when a URL with an invalid argument is requested. Th...

5CVSS6.5AI score0.03514EPSS
CVE
CVE
added 2005/05/10 4:0 a.m.60 views

CVE-2004-1987

The CVE-2004-1987 vulnerability affects Coppermine Photo Gallery versions 1.2.2b and 1.2.0 RC4. It permits remote attackers with administrative privileges to execute arbitrary commands through shell metacharacters in the configuration parameters $CONFIG['impath'] or $CONFIG['jpeg_qual']. The conn...

7.5CVSS8.1AI score0.10196EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.59 views

CVE-2001-0001

PHP-Nuke 4.4 is affected by an authentication bypass via the cookiedecode flow. A crafted cookie (base64-encoded string split by colon) is decoded to populate $cookie[0] and other variables, allowing an attacker to manipulate the SQL in updates to impersonate other users and view or modify their ...

7.5CVSS6.6AI score0.0237EPSS
CVE
CVE
added 2001/04/04 4:0 a.m.59 views

CVE-2001-0320

CVE-2001-0320 affects PHP-Nuke 4.4. The flaw is in bb_smilies.php and bbcode_ref.php where a malformed username argument containing a null byte and ".." sequences can allow remote attackers to read arbitrary files and gain PHP administrator privileges. This is supported by the NVD entry and corro...

10CVSS7AI score0.02557EPSS
CVE
CVE
added 2002/02/02 5:0 a.m.58 views

CVE-2001-0911

CVE-2001-0911 affects PHP-Nuke 5.1, where user and administrator passwords are stored in a base-64 encoded cookie. This could allow remote attackers to gain privileges by stealing/sniffing the cookie and decoding it. The connected sources corroborate the cookie-based credential exposure, but no p...

7.5CVSS6.9AI score0.03871EPSS
CVE
CVE
added 2003/05/14 4:0 a.m.58 views

CVE-2003-0279

CVE-2003-0279 describes multiple SQL injection vulnerabilities in the PHP-Nuke Web_Links module (versions 5.x through 6.5). The flaws allow remote attackers to access sensitive data by manipulating numeric fields, demonstrated via the viewlink function and cid parameter, or via index.php. The cor...

2.6CVSS7.5AI score0.01182EPSS
CVE
CVE
added 2005/04/09 4:0 a.m.58 views

CVE-2005-1027

The vulnerability concerns PHP-Nuke 6.x through 7.6 with multiple stored/reflected XSS vectors in the web interface. Specifically, arbitrary web script/HTML can be injected via the username parameter in the Your_Account module, the avatarcategory parameter in the Your_Account module, or the lid p...

4.3CVSS6AI score0.01703EPSS
CVE
CVE
added 2004/03/18 5:0 a.m.57 views

CVE-2004-0269

CVE-2004-0269 concerns a SQL injection vulnerability in PHP-Nuke 6.9 and earlier (and possibly 7.x). The vulnerability enables remote attackers to inject arbitrary SQL code and potentially read sensitive information via input in two modules: (1) the category variable in the Search module and (2) ...

6.4CVSS7.4AI score0.08095EPSS
CVE
CVE
added 2005/05/10 4:0 a.m.56 views

CVE-2004-1972

CVE-2004-1972: SQL injection in PHP-Nuke Video Gallery Module 0.1 Beta 5 (modules.php) allows remote attackers to inject arbitrary SQL via clipid or catid parameters in viewclip, viewcat, or voteclip actions. Vulnerable component is the module’s handling of these parameters, enabling unauthorized...

7.5CVSS8.7AI score0.02067EPSS
CVE
CVE
added 2001/09/18 4:0 a.m.55 views

CVE-2001-0383

CVE-2001-0383 affects PHP-Nuke up to version 4.4 and earlier. The banners.php Change operation can be invoked remotely without authentication, allowing modification of banner ad URLs. NVD lists a Network attack vector, low complexity, with no confidentiality impact, partial integrity impact, and ...

5CVSS7AI score0.06454EPSS
CVE
CVE
added 2004/07/23 4:0 a.m.55 views

CVE-2004-0732

CVE-2004-0732 describes a SQL injection in Php-Nuke’s Search module (index.php) exploitable via the instory parameter. Root cause: insufficient input validation in the Search module, enabling remote attackers to inject arbitrary SQL. Impact per CVSSv2 is partial disclosure, modification, and disr...

7.5CVSS8.6AI score0.01767EPSS
CVE
CVE
added 2005/05/10 4:0 a.m.55 views

CVE-2004-1914

Affected software : NukeCalendar 1.1.a as used in PHP-Nuke. Vulnerability : SQL injection in modules.php via the eid parameter. This allows remote attackers to execute arbitrary SQL commands. Impact : Partial confidentiality, integrity, and availability impact as per CVSS; attacker can compromise...

7.5CVSS8.8AI score0.01746EPSS
CVE
CVE
added 2005/04/07 4:0 a.m.55 views

CVE-2005-1000

CVE-2005-1000: XSS in PHP-Nuke 7.6. Affected components include banners.pgp (EmailStats op) via bid, Web_Links (TopRated/MostPopular via ratenum, viewlinkdetails/editorial/comments/ratelink via ttitle), and Your_Account (username). Root cause is improper handling of user-supplied parameters leadi...

4.3CVSS6AI score0.01765EPSS
CVE
CVE
added 2005/12/15 11:0 a.m.55 views

CVE-2005-4260

CVE-2005-4260 is an XSS vulnerability in PHP-Nuke 7.9 and later, where an interpretation conflict in includes/mainfile.php allows remote attackers to inject scripts by replacing the ">" with "

4.3CVSS6.1AI score0.02113EPSS
CVE
CVE
added 2006/11/04 1:0 a.m.55 views

CVE-2006-5720

CVE-2006-5720 describes a remote SQL injection in the PHP-Nuke Journal module (files: modules/journal/search.php) where the parameter forwhat can be tainted to inject arbitrary SQL. Affected software: PHP-Nuke 7.9 and earlier. Root cause: improper input handling in the journal search feature lead...

7.5CVSS8.4AI score0.02409EPSS
Web
CVE
CVE
added 2005/06/28 4:0 a.m.54 views

CVE-2002-1803

CVE-2002-1803 describes a cross-site scripting (XSS) flaw in PHP-Nuke 6.0 that allows remote attackers to inject arbitrary script/HTML via Javascript in an IMG tag. Affected software is PHP-Nuke 6.0; the root cause is an XSS vulnerability exposed by image tags, enabling arbitrary code execution i...

4.3CVSS6AI score0.01717EPSS
CVE
CVE
added 2005/05/10 4:0 a.m.54 views

CVE-2004-1984

The CVE concerns Coppermine Photo Gallery versions 1.2.2b and 1.2.0 RC4. Affected files (phpinfo.php, addpic.php, config.php, db_input.php, displayecard.php, ecard.php, crop.inc.php) can disclose the full server path via a PHP error message when accessed directly, leaking information about the in...

5CVSS6.6AI score0.02552EPSS
CVE
CVE
added 2005/08/04 4:0 a.m.54 views

CVE-2004-2294

CVE-2004-2294 affects PHP-Nuke 6.0 through 7.3, where the send_review function in the Reviews module has a canonicalize-before-filter error. Text parameter processing allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences after the text is checked for dangero...

4.3CVSS5.4AI score0.01736EPSS
CVE
CVE
added 2005/04/09 4:0 a.m.54 views

CVE-2005-1023

CVE-2005-1023 : XSS vulnerabilities in PHP-Nuke 6.x–7.6 allow remote attackers to inject arbitrary script/HTML via specific parameters in Search, FAQ, and Encyclopedia modules (min, categories, ltr). The note clarifies that the related banner issue is covered by CVE-2005-1000. Connected documents...

4.3CVSS6AI score0.01729EPSS
CVE
CVE
added 2003/05/22 4:0 a.m.53 views

CVE-2003-0318

The CVE-2003-0318 entry describes a Cross-site Scripting (XSS) vulnerability in the Statistics module of PHP-Nuke 6.0 and earlier. An attacker could inject arbitrary script via the year parameter, affecting PHP-Nuke’s Statistics component. The NVD entry lists a base score of 4.3 (Medium) with I:P...

4.3CVSS5.8AI score0.01037EPSS
CVE
CVE
added 2005/08/04 4:0 a.m.53 views

CVE-2004-2297

The CVE-2004-2297 case concerns the Reviews module of PHP-Nuke versions 6.0 through 7.3. The vulnerability is a denial of service caused by a large, out-of-range score parameter that can consume CPU and memory. The available sources (NVD, CVE lists) describe the impact as a CPU/memory DoS but do ...

5CVSS7AI score0.03634EPSS
CVE
CVE
added 2005/05/10 4:0 a.m.52 views

CVE-2004-1817

This CVE affects Php-Nuke 7.1.0, where a cross-site scripting (XSS) vulnerability exists in modules.php. The issue allows an attacker to inject arbitrary web script or HTML through user-supplied input in multiple fields: Your Name, e-mail, nicname, fname, ratenum, and search. The root cause is im...

4.3CVSS6AI score0.01736EPSS
CVE
CVE
added 2005/05/10 4:0 a.m.52 views

CVE-2004-2044

CVE-2004-2044 affects PHP-Nuke 7.3 and related products that use the PHP-Nuke codebase (e.g., Nuke Cops betaNC bundle, OSCNukeLite 3.1, OSC2Nuke 7x). It arises from improper use of eregi() with $_SERVER['PHP_SELF'] to identify the calling script, enabling remote attackers to directly access scrip...

7.5CVSS7.2AI score0.11047EPSS
CVE
CVE
added 2006/02/13 10:0 p.m.52 views

CVE-2005-4715

CVE-2005-4715 concerns multiple SQL injection vulnerabilities in PHP-Nuke 7.8. The flaw occurs in modules.php when magic_quotes_gpc is disabled, allowing remote attackers to inject arbitrary SQL via the POST parameters (name, sid, pid) that bypass security checks applied to GET requests. Affected...

7.5CVSS9AI score0.03756EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.51 views

CVE-2000-0745

CVE-2000-0745 affects PHP-Nuke where admin.php3 does not properly verify the administrator password, enabling privilege escalation when a URL omits the aid/pwd parameters. Connected documents provide a detailed exploitation path: an attacker can manipulate URL parameters and the cookiedecode rout...

7.5CVSS6.9AI score0.1207EPSS
CVE
CVE
added 2007/10/19 10:0 a.m.51 views

CVE-2003-1400

The CVE-2003-1400 entry describes a Cross-site scripting (XSS) vulnerability in the Your_Account module of PHP-Nuke versions 5.0 through 6.0. The issue arises from an input vector in the user_avatar parameter, allowing remote attackers to inject arbitrary web script or HTML. Affected software: PH...

4.3CVSS5.8AI score0.01452EPSS
CVE
CVE
added 2004/03/18 5:0 a.m.51 views

CVE-2004-0265

This CVE concerns a Cross-site Scripting (XSS) vulnerability in Php-Nuke 6.x-7.1.0, specifically in modules.php. The vulnerability allows remote attackers to execute arbitrary script as other users by manipulating URL-encoded parameters (1) title or (2) fname in the News or Reviews modules. Affec...

6.8CVSS6.6AI score0.04634EPSS
CVE
CVE
added 2004/03/18 5:0 a.m.51 views

CVE-2004-0266

Affects Php-Nuke 6.x to 7.1.0 where the SQL injection vulnerability is in the public_message capability (c_mid parameter) that can disclose the administrator password. Exploitation details or specific patches are not provided in the connected documents. The OpenVAS/Nessus references confirm long-...

5CVSS7.5AI score0.02051EPSS
CVE
CVE
added 2004/07/23 4:0 a.m.51 views

CVE-2004-0737

CVE-2004-0737 concerns Php-Nuke’s Search module (index.php). The advisory notes multiple cross-site scripting vulnerabilities exploitable through 11 parameters (sid, max, sel1–sel5, match, mod1–mod3), allowing remote injection of arbitrary script/HTML. The root cause implied is insufficient input...

7.5CVSS6.4AI score0.01909EPSS
CVE
CVE
added 2005/05/10 4:0 a.m.51 views

CVE-2004-1840

CVE-2004-1840 affects the MS Analysis module 2.0 for PHP-Nuke. The vulnerability is multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary JavaScript/HTML via (1) screen parameter to modules.php, (2) module_name parameter to title.php, (3) sortby parameter to mo...

4.3CVSS6.1AI score0.01242EPSS
CVE
CVE
added 2005/05/10 4:0 a.m.51 views

CVE-2004-1930

Technical details beyond the initial description are not provided in the connected documents. Monitor for updates and vendor advisories for any fixes or affected versions.

4.3CVSS5.9AI score0.01736EPSS
CVE
CVE
added 2005/05/10 4:0 a.m.51 views

CVE-2004-1932

This CVE (CVE-2004-1932) affects PHP-Nuke 6.x through 7.2, with a SQL injection in auth.php and admin.php. The underlying flaw allows remote attackers to inject SQL and create an administrator account via base64-encoded SQL in the admin parameter. The connected sources confirm the vulnerable comp...

7.5CVSS8.7AI score0.02067EPSS
CVE
CVE
added 2005/05/10 4:0 a.m.51 views

CVE-2004-1999

CVE-2004-1999 describes a Cross-site scripting (XSS) vulnerability in the Downloads module of Php-Nuke 6.x through 7.2. The issue allows remote attackers to inject arbitrary HTML and web script via the ttitle or sid parameters to modules.php. Affected software is Php-Nuke, version range 6.x–7.2, ...

4.3CVSS6.1AI score0.01255EPSS
CVE
CVE
added 2005/11/24 11:0 a.m.51 views

CVE-2005-3792

CVE-2005-3792 corresponds to SQL injection in the PHP-Nuke 7.8 Search module (and possibly earlier versions) that allows remote execution of arbitrary SQL commands via the query parameter in a stories type. Affected software is PHP-Nuke 7.8 with patch 3.1, and other versions before 7.9 may be vul...

7.5CVSS8.4AI score0.44293EPSS
CVE
CVE
added 2001/04/04 4:0 a.m.50 views

CVE-2001-0292

CVE-2001-0292 concerns PHP-Nuke 4.4.1a. The vulnerability allows remote attackers to modify a user’s email address and obtain the password by guessing the user id (UID) and invoking the user.php page with the saveuser operator. The description indicates an unauthenticated vector that leverages UI...

7.5CVSS6.8AI score0.02378EPSS
CVE
CVE
added 2007/10/23 1:0 a.m.50 views

CVE-2003-1435

This CVE (CVE-2003-1435) describes an SQL injection in PHP-Nuke versions 5.6 and 6.0, exploitable via the days parameter in the search module to allow remote execution of arbitrary SQL. The underlying issue is an input validation flaw in the search component, enabling attackers to influence the b...

7.5CVSS8.4AI score0.01727EPSS
Total number of security vulnerabilities94