Php-nuke@7.4 Security Vulnerabilities and Issues — Php-nuke@7.4 CVE List

Lucene search

Francisco BurziPhp-nuke7.4

9 matches found

CVE•added 2005/05/02 4:0 a.m.•45 views

CVE-2005-1027

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in the Your_Account module, (2) avatarcategory parameter in the Your_Account module, or (3) lid parameter in the Downloads mod...

4.3CVSS6AI score0.00042EPSS

CVE•added 2006/11/04 1:7 a.m.•40 views

CVE-2006-5720

SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter.

7.5CVSS8.4AI score0.00186EPSS

CVE•added 2005/05/03 4:0 a.m.•38 views

CVE-2005-1386

PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) ipban.php, (2) db.php, (3) lang-norwegian.php, (4) lang-indonesian.php, (5) lang-greek.php, (6) a request to Web_Links with the portuguese language (lang-portuguese.php), (7) a request to We...

5CVSS6.6AI score0.00014EPSS

CVE•added 2006/02/21 2:2 a.m.•37 views

CVE-2006-0805

The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying t...

7.5CVSS6.7AI score0.01759EPSS

CVE•added 2005/09/21 9:3 p.m.•36 views

CVE-2005-3016

Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke before 7.9 Final have unknown impact and attack vectors.

10CVSS7.2AI score0.00018EPSS

CVE•added 2005/05/02 4:0 a.m.•35 views

CVE-2005-0999

SQL injection vulnerability in the Top module for PHP-Nuke 6.x through 7.6 allows remote attackers to execute arbitrary SQL commands via the querylang parameter.

7.5CVSS8.8AI score0.00019EPSS

CVE•added 2005/05/02 4:0 a.m.•35 views

CVE-2005-1023

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) min parameter to the Search module, (2) the categories parameter to the FAQ module, or (3) the ltr parameter to the Encyclopedia module. NOTE: the bid...

4.3CVSS6AI score0.00119EPSS

CVE•added 2005/05/02 4:0 a.m.•35 views

CVE-2005-1024

modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) my_headlines, (2) userinfo, or (3) search, which reveals the path in a PHP error message.

5CVSS6.6AI score0.00053EPSS

CVE•added 2006/12/01 1:28 a.m.•32 views

CVE-2006-6200

Multiple SQL injection vulnerabilities in the (1) rate_article and (2) rate_complete functions in modules/News/index.php in the News module in Francisco Burzi PHP-Nuke 7.9 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the sid parameter.

7.5CVSS8.9AI score0.00264EPSS