Lucene search
K

6 matches found

CVE
CVE
added 2007/03/20 8:0 p.m.60 views

CVE-2007-1520

The CVE-2007-1520 issue affects PHP-Nuke 8.0 and earlier, where CSRF protection fails to verify that the SERVER superglobal is an array before validating HTTP_REFERER. This logic flaw enables CSRF attacks against vulnerable PHP-Nuke installations. The vulnerability is described in multiple source...

6.8CVSS6.8AI score0.00779EPSS
CVE
CVE
added 2007/08/08 1:52 a.m.60 views

CVE-2007-4212

CVE-2007-4212 concerns multiple XSS flaws in the PHP-Nuke Search Module. The vulnerabilities allow remote attackers to inject arbitrary script/HTML by supplying a trailing “” in: (1) the onerror attribute of IMG, (2) the onload attribute of IFRAME, or (3) redirect via the META tag. Affected softw...

4.3CVSS5.7AI score0.01028EPSS
CVE
CVE
added 2007/10/01 12:0 a.m.54 views

CVE-2003-1340

CVE-2003-1340 refers to multiple SQL injection vulnerabilities in PHP-Nuke 5.6 and 6.5. The flaws allow remote authenticated users to inject SQL via a uid cookie to modules.php and via an aid cookie to the Web_Links module using actions such as viewlink, MostPopular, or NewLinksDate. The cited so...

6.5CVSS8.3AI score0.0095EPSS
CVE
CVE
added 2007/03/14 6:0 p.m.51 views

CVE-2007-1449

CVE-2007-1449 affects PHP-Nuke 8.0 and earlier. A directory-traversal flaw in mainfile.php allows remote attackers to read arbitrary files by supplying ".." in the lang parameter, enabling partial confidentiality impact. Root cause: insufficient input validation in the lang parameter. The connect...

4.3CVSS6.7AI score0.01268EPSS
CVE
CVE
added 2007/03/14 6:0 p.m.47 views

CVE-2007-1450

The CVE-2007-1450 issue affects PHP-Nuke 8.0 and earlier, where an SQL injection flaw in mainfile.php enables remote attackers to execute arbitrary SQL commands in the Top or News module via the lang parameter. Affected component is the mainfile.php entry point used by the PHP-Nuke framework; roo...

7.5CVSS8.4AI score0.01001EPSS
CVE
CVE
added 2007/03/20 8:0 p.m.45 views

CVE-2007-1519

PHP-Nuke (versions 8.0 and earlier) is affected by a cross-site scripting (XSS) issue in modules.php, exploitable via the query parameter in the Downloads module search. This is a remote XSS vulnerability in PHP-Nuke INP/Downloads search path; the exact root cause is a failure to sanitize input i...

4.3CVSS5.6AI score0.01125EPSS