Php-nuke@7.6 Security Vulnerabilities and Issues — Php-nuke@7.6 CVE List

Lucene search

PhpnukePhp-nuke7.6

4 matches found

CVE•added 2007/08/08 2:17 a.m.•49 views

CVE-2007-4212

Multiple cross-site scripting (XSS) vulnerabilities in the Search Module in PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via a trailing "" in (1) the onerror attribute of an IMG element, (2) the onload attribute of an IFRAME element, or (3) redirect users to other sites vi...

4.3CVSS5.7AI score0.00285EPSS

CVE•added 2007/03/14 6:19 p.m.•39 views

CVE-2007-1449

Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.

4.3CVSS6.7AI score0.00344EPSS

CVE•added 2007/03/20 8:19 p.m.•36 views

CVE-2007-1520

The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTP_REFERER, which allows remote attackers to conduct CSRF attacks.

6.8CVSS6.8AI score0.00506EPSS

CVE•added 2007/03/14 6:19 p.m.•35 views

CVE-2007-1450

SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands in the Top or News module via the lang parameter.

7.5CVSS8.4AI score0.0034EPSS