Php-nuke Security Vulnerabilities and Issues — Php-nuke CVE List

Lucene search

Francisco BurziPhp-nuke

9 matches found

CVE•added 2007/02/22 12:28 a.m.•59 views

CVE-2007-1061

SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" block is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header (HTTP_REFERER variable).

6.8CVSS8.4AI score0.56277EPSS

CVE•added 2007/01/19 11:28 p.m.•42 views

CVE-2007-0372

Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 allow remote attackers to execute arbitrary SQL commands via (1) the active parameter in admin/modules/modules.php; the (2) ad_class, (3) imageurl, (4) clickurl, (5) ad_code, or (6) position parameter in modules/Advertising/admi...

7.5CVSS8.5AI score0.0014EPSS

CVE•added 2007/01/18 12:28 a.m.•38 views

CVE-2007-0309

SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter.

7.5CVSS8.4AI score0.34572EPSS

CVE•added 2007/10/19 10:0 a.m.•37 views

CVE-2003-1400

Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter.

4.3CVSS5.8AI score0.00121EPSS

CVE•added 2007/10/23 1:0 a.m.•37 views

CVE-2003-1435

SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module.

7.5CVSS8.4AI score0.00015EPSS

CVE•added 2007/10/24 11:0 p.m.•37 views

CVE-2003-1468

The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message.

4.3CVSS7.1AI score0.00027EPSS

CVE•added 2007/12/15 1:46 a.m.•37 views

CVE-2007-6376

Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filename parameter, a different vector than CVE-2006-4190. NOTE: the provenance of this information is unknown; the detail...

7.5CVSS6.8AI score0.00149EPSS

CVE•added 2007/09/21 7:17 p.m.•35 views

CVE-2007-5032

Cross-site request forgery (CSRF) vulnerability in admin.php in Francisco Burzi PHP-Nuke allows remote attackers to add administrative accounts via an AddAuthor action with modified add_name and add_radminsuper parameters.

5.1CVSS6.9AI score0.00014EPSS

CVE•added 2007/10/25 7:0 p.m.•34 views

CVE-2003-1526

PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message.

5CVSS7AI score0.00012EPSS