Lucene search
K

4 matches found

CVE
CVE
added 2011/06/21 1:0 a.m.65 views

CVE-2011-1480

CVE-2011-1480 affects PHP-Nuke (admin.php) in the admin backend of PHP-Nuke 8.0 and earlier. The vulnerability is an SQL injection via the chng_uid parameter, allowing remote attackers to execute arbitrary SQL commands. The available connected documents confirm the affected software/version range...

7.5CVSS8.7AI score0.01154EPSS
CVE
CVE
added 2011/09/24 12:0 a.m.59 views

CVE-2011-3784

CVE-2011-3784 affects PHP-Nuke 8.0 and enables information disclosure by requesting a .php file, which then reveals the installation path in an error message (e.g., themes/Odyssey/theme.php). The root cause is error handling that leaks filesystem paths to remote attackers. Documented impact is se...

5CVSS6.3AI score0.01229EPSS
CVE
CVE
added 2011/06/21 1:0 a.m.58 views

CVE-2011-1481

CVE-2011-1481 affects PHP-Nuke 8.0 and earlier. The vulnerability is multiple cross-site scripting (XSS) in the Feedback action of modules.php, exploitable via the sender_name or sender_email parameters. Impact described as allowing remote attackers to inject arbitrary web script or HTML. NVD met...

4.3CVSS5.9AI score0.01089EPSS
CVE
CVE
added 2011/06/21 1:0 a.m.55 views

CVE-2011-1482

PHP-Nuke 8.0 and earlier are affected by multiple CSRF vulnerabilities in mainfile.php that allow remote attackers to hijack administrator sessions by issuing requests to add user accounts or grant admin privileges. The root cause is a Referer check implemented as a substring comparison, enabling...

6.8CVSS7.5AI score0.00639EPSS