CVE-2007-4212
- EPSS 0.29%
- Published 08.08.2007 02:17:00
- Last modified 09.04.2025 00:30:58
Multiple cross-site scripting (XSS) vulnerabilities in the Search Module in PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via a trailing "<" instead of a ">" in (1) the onerror attribute of an IMG element, (2) the onload attr...
CVE-2007-1520
- EPSS 0.51%
- Published 20.03.2007 20:19:00
- Last modified 09.04.2025 00:30:58
The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTP_REFERER, which allows remote attackers to conduct CSRF attacks.
CVE-2007-1519
- EPSS 0.36%
- Published 20.03.2007 20:19:00
- Last modified 09.04.2025 00:30:58
Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-200...
CVE-2007-1450
- EPSS 0.34%
- Published 14.03.2007 18:19:00
- Last modified 09.04.2025 00:30:58
SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands in the Top or News module via the lang parameter.
CVE-2007-1449
- EPSS 0.47%
- Published 14.03.2007 18:19:00
- Last modified 09.04.2025 00:30:58
Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.
CVE-2006-5525
- EPSS 1.51%
- Published 26.10.2006 16:07:00
- Last modified 09.04.2025 00:30:58
Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via (1) "/**/UNION " or (2) " UNION/**/" sequences, which are not rejected by the protection mechanism, as demonst...
CVE-2006-5494
- EPSS 16.46%
- Published 25.10.2006 10:07:00
- Last modified 09.04.2025 00:30:58
Multiple PHP remote file inclusion vulnerabilities in modules/My_eGallery/public/displayCategory.php in the pandaBB module for PHP-Nuke allow remote attackers to execute arbitrary PHP code via a URL in the (1) adminpath or (2) basepath parameters. N...
- EPSS 0.35%
- Published 02.05.2005 04:00:00
- Last modified 03.04.2025 01:03:51
PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error m...
CVE-2004-1842
- EPSS 0.59%
- Published 31.12.2004 05:00:00
- Last modified 03.04.2025 01:03:51
Cross-site request forgery (CSRF) vulnerability in PHP-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php.
CVE-2003-1340
- EPSS 0.28%
- Published 31.12.2003 05:00:00
- Last modified 03.04.2025 01:03:51
Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands...