Francisco Burzi

Php-nuke

94 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2008-0461

Exploit
  • EPSS 4.17%
  • Veröffentlicht 25.01.2008 16:00:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. ...

7.5

CVE-2007-6376

Exploit
  • EPSS 0.02%
  • Veröffentlicht 15.12.2007 01:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filename parameter, a different vector than CVE-2006-4190. NOTE: the pro...

5.1

CVE-2007-5032

  • EPSS 0.02%
  • Veröffentlicht 21.09.2007 19:17:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site request forgery (CSRF) vulnerability in admin.php in Francisco Burzi PHP-Nuke allows remote attackers to add administrative accounts via an AddAuthor action with modified add_name and add_radminsuper parameters.

6.8

CVE-2007-1061

  • EPSS 55.74%
  • Veröffentlicht 22.02.2007 00:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" block is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header (HTTP_REFERER variable).

7.5

CVE-2007-0372

Exploit
  • EPSS 0.19%
  • Veröffentlicht 19.01.2007 23:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 allow remote attackers to execute arbitrary SQL commands via (1) the active parameter in admin/modules/modules.php; the (2) ad_class, (3) imageurl, (4) clickurl, (5) ad_code, or (...

7.5

CVE-2007-0309

Exploit
  • EPSS 35.4%
  • Veröffentlicht 18.01.2007 00:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat paramet...

7.5

CVE-2006-6234

Exploit
  • EPSS 0.94%
  • Veröffentlicht 02.12.2006 11:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple SQL injection vulnerabilities in the Content module in PHP-Nuke 6.0, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in a list_pages_categories action or (2) the pid parameter i...

7.5

CVE-2006-6200

Exploit
  • EPSS 0.26%
  • Veröffentlicht 01.12.2006 01:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple SQL injection vulnerabilities in the (1) rate_article and (2) rate_complete functions in modules/News/index.php in the News module in Francisco Burzi PHP-Nuke 7.9 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to exec...

7.5

CVE-2006-5720

  • EPSS 0.19%
  • Veröffentlicht 04.11.2006 01:07:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter.

7.5

CVE-2006-1847

  • EPSS 0.13%
  • Veröffentlicht 19.04.2006 16:06:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to execute arbitrary SQL commands via the user_id parameter in the Your_Home functionality. NOTE: the provenance of this information is unknown; the...