4 matches found
CVE-2011-1480
CVE-2011-1480 affects PHP-Nuke (admin.php) in the admin backend of PHP-Nuke 8.0 and earlier. The vulnerability is an SQL injection via the chng_uid parameter, allowing remote attackers to execute arbitrary SQL commands. The available connected documents confirm the affected software/version range...
CVE-2011-3784
CVE-2011-3784 affects PHP-Nuke 8.0 and enables information disclosure by requesting a .php file, which then reveals the installation path in an error message (e.g., themes/Odyssey/theme.php). The root cause is error handling that leaks filesystem paths to remote attackers. Documented impact is se...
CVE-2011-1481
CVE-2011-1481 affects PHP-Nuke 8.0 and earlier. The vulnerability is multiple cross-site scripting (XSS) in the Feedback action of modules.php, exploitable via the sender_name or sender_email parameters. Impact described as allowing remote attackers to inject arbitrary web script or HTML. NVD met...
CVE-2011-1482
PHP-Nuke 8.0 and earlier are affected by multiple CSRF vulnerabilities in mainfile.php that allow remote attackers to hijack administrator sessions by issuing requests to add user accounts or grant admin privileges. The root cause is a Referer check implemented as a substring comparison, enabling...