Php-nuke@5.2 Security Vulnerabilities and Issues — Php-nuke@5.2 CVE List

Lucene search

Francisco BurziPhp-nuke5.2

9 matches found

CVE•added 2002/05/16 4:0 a.m.•65 views

CVE-2002-0206

index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter.

7.5CVSS7.6AI score0.00221EPSS

CVE•added 2005/07/14 4:0 a.m.•56 views

CVE-2002-2032

sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query information by setting the sql_debug parameter to (1) index.php and (2) modules.php.

5CVSS7.2AI score0.00032EPSS

CVE•added 2005/07/14 4:0 a.m.•49 views

CVE-2001-1524

Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload ...

4.3CVSS6AI score0.00056EPSS

CVE•added 2004/11/23 5:0 a.m.•44 views

CVE-2004-0269

SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module.

6.4CVSS7.4AI score0.00115EPSS

CVE•added 2002/02/02 5:0 a.m.•37 views

CVE-2001-0911

PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it.

7.5CVSS6.9AI score0.00043EPSS

CVE•added 2007/10/19 10:0 a.m.•37 views

CVE-2003-1400

Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter.

4.3CVSS5.8AI score0.00121EPSS

CVE•added 2001/12/06 5:0 a.m.•34 views

CVE-2001-0854

PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary files by calling case.filemanager.php with admin.php as an argument, which sets the $PHP_SELF variable and makes it appear that case.filemanager.php is being called by admin.php instead of the user.

5CVSS6.8AI score0.0002EPSS

CVE•added 2005/05/10 4:0 a.m.•34 views

CVE-2004-2044

PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to directly access scri...

7.5CVSS7.2AI score0.01076EPSS

CVE•added 2002/08/12 4:0 a.m.•29 views

CVE-2002-0483

index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname.

5CVSS6.5AI score0.00108EPSS