Lucene search

11 matches found

added 2002/06/25 4:0 a.m. | 107 views

CVE-2001-1032

admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and specifying the file to c...

CVSS 7.5 | AI score 6.8 | EPSS 0.23192

added 2007/02/22 12:28 a.m. | 59 views

CVE-2007-1061

SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" block is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header (HTTP_REFERER variable).

CVSS 6.8 | AI score 8.4 | EPSS 0.56277

added 2005/05/19 4:0 a.m. | 45 views

CVE-2003-1210

Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function.

CVSS 7.5 | AI score 9.1 | EPSS 0.00019

added 2003/06/09 4:0 a.m. | 40 views

CVE-2003-0318

Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and earlier allows remote attackers to insert arbitrary web script via the year parameter.

CVSS 4.3 | AI score 5.8 | EPSS 0.00016

added 2006/11/04 1:7 a.m. | 40 views

CVE-2006-5720

SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter.

CVSS 7.5 | AI score 8.4 | EPSS 0.00186

added 2001/09/18 4:0 a.m. | 39 views

CVE-2001-0383

banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to modify banner ad URLs by directly calling the Change operation, which does not require authentication.

CVSS 5 | AI score 7 | EPSS 0.00064

added 2007/01/18 12:28 a.m. | 38 views

CVE-2007-0309

SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter.

CVSS 7.5 | AI score 8.4 | EPSS 0.34572

added 2008/01/25 4:0 p.m. | 38 views

CVE-2008-0461

SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. NOTE: some of these details are obtained from thir...

CVSS 6.8 | AI score 8.3 | EPSS 0.04174

added 2005/09/21 9:3 p.m. | 36 views

CVE-2005-3016

Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke before 7.9 Final have unknown impact and attack vectors.

CVSS 10 | AI score 7.2 | EPSS 0.00018

added 2007/09/21 7:17 p.m. | 35 views

CVE-2007-5032

Cross-site request forgery (CSRF) vulnerability in admin.php in Francisco Burzi PHP-Nuke allows remote attackers to add administrative accounts via an AddAuthor action with modified add_name and add_radminsuper parameters.

CVSS 5.1 | AI score 6.9 | EPSS 0.00014

added 2005/05/02 4:0 a.m. | 30 views

CVE-2005-1180

HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuke 7.6 allows remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the forwarder parameter.

CVSS 5 | AI score 7 | EPSS 0.00146