Lucene search

Phpnuke Php-nuke 7.0

10 matches found

CVE
added 2006/10/26 4:7 p.m., 52 views

CVE-2006-5525

Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via (1) "//UNION " or (2) " UNION/ /" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a ...

CVSS 5.1, AI score 7.9, EPSS 0.01016

CVE
added 2007/08/08 2:17 a.m., 49 views

CVE-2007-4212

Multiple cross-site scripting (XSS) vulnerabilities in the Search Module in PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via a trailing "" in (1) the onerror attribute of an IMG element, (2) the onload attribute of an IFRAME element, or (3) redirect users to other sites vi...

CVSS 4.3, AI score 5.7, EPSS 0.00285

CVE
added 2011/06/21 2:52 a.m., 49 views

CVE-2011-1480

SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter.

CVSS 7.5, AI score 8.7, EPSS 0.0036

CVE
added 2009/04/20 2:30 p.m., 40 views

CVE-2008-6728

SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php.

CVSS 7.5, AI score 8.6, EPSS 0.0036

CVE
added 2007/03/14 6:19 p.m., 39 views

CVE-2007-1449

Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.

CVSS 4.3, AI score 6.7, EPSS 0.00344

CVE
added 2008/04/30 1:7 a.m., 39 views

CVE-2008-2020

The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses ...

CVSS 7.5, AI score 7.6, EPSS 0.00519

CVE
added 2011/06/21 2:52 a.m., 39 views

CVE-2011-1482

Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related t...

CVSS 6.8, AI score 7.5, EPSS 0.00132

CVE
added 2011/06/21 2:52 a.m., 37 views

CVE-2011-1481

Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sender_name or (2) sender_email parameter in a Feedback action to modules.php.

CVSS 4.3, AI score 5.9, EPSS 0.00254

CVE
added 2007/03/20 8:19 p.m., 36 views

CVE-2007-1520

The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTP_REFERER, which allows remote attackers to conduct CSRF attacks.

CVSS 6.8, AI score 6.8, EPSS 0.00506

CVE
added 2007/03/14 6:19 p.m., 35 views

CVE-2007-1450

SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands in the Top or News module via the lang parameter.

CVSS 7.5, AI score 8.4, EPSS 0.0034