6 matches found
CVE-2007-1520
The CVE-2007-1520 issue affects PHP-Nuke 8.0 and earlier, where CSRF protection fails to verify that the SERVER superglobal is an array before validating HTTP_REFERER. This logic flaw enables CSRF attacks against vulnerable PHP-Nuke installations. The vulnerability is described in multiple source...
CVE-2007-4212
CVE-2007-4212 concerns multiple XSS flaws in the PHP-Nuke Search Module. The vulnerabilities allow remote attackers to inject arbitrary script/HTML by supplying a trailing “” in: (1) the onerror attribute of IMG, (2) the onload attribute of IFRAME, or (3) redirect via the META tag. Affected softw...
CVE-2003-1340
CVE-2003-1340 refers to multiple SQL injection vulnerabilities in PHP-Nuke 5.6 and 6.5. The flaws allow remote authenticated users to inject SQL via a uid cookie to modules.php and via an aid cookie to the Web_Links module using actions such as viewlink, MostPopular, or NewLinksDate. The cited so...
CVE-2007-1449
CVE-2007-1449 affects PHP-Nuke 8.0 and earlier. A directory-traversal flaw in mainfile.php allows remote attackers to read arbitrary files by supplying ".." in the lang parameter, enabling partial confidentiality impact. Root cause: insufficient input validation in the lang parameter. The connect...
CVE-2007-1450
The CVE-2007-1450 issue affects PHP-Nuke 8.0 and earlier, where an SQL injection flaw in mainfile.php enables remote attackers to execute arbitrary SQL commands in the Top or News module via the lang parameter. Affected component is the mainfile.php entry point used by the PHP-Nuke framework; roo...
CVE-2007-1519
PHP-Nuke (versions 8.0 and earlier) is affected by a cross-site scripting (XSS) issue in modules.php, exploitable via the query parameter in the Downloads module search. This is a remote XSS vulnerability in PHP-Nuke INP/Downloads search path; the exact root cause is a failure to sanitize input i...