Php-nuke@8.0 final Security Vulnerabilities and Issues — Php-nuke@8.0 final CVE List

Lucene search

Francisco BurziPhp-nuke8.0 final

11 matches found

CVE•added 2005/07/14 4:0 a.m.•44 views

CVE-2001-1522

Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via a message.

4.3CVSS5.9AI score0.00021EPSS

CVE•added 2004/07/27 4:0 a.m.•43 views

CVE-2004-0732

SQL injection vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to execute arbitrary SQL statements via the instory parameter.

7.5CVSS8.6AI score0.00038EPSS

CVE•added 2005/05/10 4:0 a.m.•43 views

CVE-2004-1912

The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, (4) block-Calendar_center.php scripts in NukeCalendar 1.1.a, as used in PHP-Nuke, allow remote attackers to obtain sensitive information via a URL with an invalid argument, which reveals the full path in an error message.

5CVSS6.5AI score0.00038EPSS

CVE•added 2004/07/27 4:0 a.m.•40 views

CVE-2004-0737

Multiple cross-site scripting vulnerabilities in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) max, (3) sel1, (4) sel2, (5) sel3, (6) sel4, (7) sel5, (8) match, (9) mod1, (10) mod2, or (11) mod3 parameters.

7.5CVSS6.4AI score0.00028EPSS

CVE•added 2005/05/10 4:0 a.m.•39 views

CVE-2004-1914

SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to execute arbitrary SQL commands via the eid parameter.

7.5CVSS8.8AI score0.00019EPSS

CVE•added 2007/12/15 1:46 a.m.•37 views

CVE-2007-6376

Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filename parameter, a different vector than CVE-2006-4190. NOTE: the provenance of this information is unknown; the detail...

7.5CVSS6.8AI score0.00149EPSS

CVE•added 2004/07/27 4:0 a.m.•36 views

CVE-2004-0738

Multiple SQL injection vulnerabilities in the Search module in Php-Nuke allow remote attackers to execute arbitrary SQL via the (1) min or (2) categ parameters.

7.5CVSS8.7AI score0.00025EPSS

CVE•added 2002/03/09 5:0 a.m.•35 views

CVE-2001-0321

opendir.php script in PHP-Nuke allows remote attackers to read arbitrary files by specifying the filename as an argument to the requesturl parameter.

5CVSS6.7AI score0.0005EPSS

CVE•added 2005/05/10 4:0 a.m.•35 views

CVE-2004-1913

Cross-site scripting (XSS) vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to inject arbitrary web script or HTML via the eid parameter.

4.3CVSS6AI score0.00024EPSS

CVE•added 2004/07/27 4:0 a.m.•33 views

CVE-2004-0731

Cross-site scripting (XSS) vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary script as other users via the input field.

6.8CVSS6.2AI score0.00059EPSS

CVE•added 2004/07/27 4:0 a.m.•33 views

CVE-2004-0736

The search module in Php-Nuke allows remote attackers to gain sensitive information via the (1) "**" or (2) "+" search patterns, which reveals the path in an error message.

5CVSS6.9AI score0.00016EPSS