Php-nuke Security Vulnerabilities and Issues — Php-nuke CVE List

Lucene search

PhpnukePhp-nuke

4 matches found

CVE•added 2007/03/14 6:19 p.m.•39 views

CVE-2007-1449

Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.

4.3CVSS6.7AI score0.00344EPSS

CVE•added 2007/03/20 8:19 p.m.•36 views

CVE-2007-1520

The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTP_REFERER, which allows remote attackers to conduct CSRF attacks.

6.8CVSS6.8AI score0.00506EPSS

CVE•added 2007/03/14 6:19 p.m.•35 views

CVE-2007-1450

SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands in the Top or News module via the lang parameter.

7.5CVSS8.4AI score0.0034EPSS

CVE•added 2007/03/20 8:19 p.m.•33 views

CVE-2007-1519

Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-2006-3948.

4.3CVSS5.6AI score0.03175EPSS