2 matches found
CVE-2006-5494
CVE-2006-5494 / CVE-2006-6795 describe remote file inclusion flaws in the pandaBB module for PHP-Nuke and the My_eGallery 2.5.6 module for myPHPNuke, both allowing an attacker to execute arbitrary PHP code via a URL parameter. The core issue is PHP remote file inclusion in the gallery/displayCate...
CVE-2006-5525
PHP-Nuke 7.9 and earlier are affected by an incomplete blacklist in mainfile.php that fails to reject UNION-based SQL injection payloads. The vulnerability can be triggered via the eid parameter in the Encyclopedia module (modules.php) using patterns such as //UNION or UNION/ /. The root cause is...