Francisco Burzi

Php-nuke

94 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2004-0732

Exploit
  • EPSS 0.04%
  • Veröffentlicht 27.07.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

SQL injection vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to execute arbitrary SQL statements via the instory parameter.

6.8

CVE-2004-0731

Exploit
  • EPSS 0.06%
  • Veröffentlicht 27.07.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary script as other users via the input field.

7.5

CVE-2004-2044

Exploit
  • EPSS 1.08%
  • Veröffentlicht 01.06.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, whic...

4.3

CVE-2004-1999

Exploit
  • EPSS 0.89%
  • Veröffentlicht 05.05.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to inject arbitrary HTML and web script via the (1) ttitle or (2) sid parameters to modules.php.

5

CVE-2004-1998

Exploit
  • EPSS 0.02%
  • Veröffentlicht 05.05.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to gain sensitive information via an invalid show parameter to modules.php, which reveals the full path in a PHP error message.

5

CVE-2004-1984

Exploit
  • EPSS 0.55%
  • Veröffentlicht 02.05.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) phpinfo.php, (2) addpic.php, (3) config.php, (4) db_input.php, (5) displayecard.php, (6) ecard.php, (7) crop.inc.ph...

4.3

CVE-2004-1985

Exploit
  • EPSS 0.16%
  • Veröffentlicht 30.04.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to inject arbitrary HTML or web script via the CPG_URL parameter.

7.5

CVE-2004-1987

Exploit
  • EPSS 0.28%
  • Veröffentlicht 30.04.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to execute arbitrary commands via shell metacharacters in the (1) $CONFIG['impath'] or (2) $CONFIG['jpeg_qual'] parameters.

7.5

CVE-2004-1988

Exploit
  • EPSS 0.08%
  • Veröffentlicht 30.04.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

PHP remote file inclusion vulnerability in init.inc.php in Coppermine Photo Gallery 1.2.0 RC4 allows remote attackers to execute arbitrary PHP code by modifying the CPG_M_DIR to reference a URL on a remote web server that contains functions.inc.php.

7.5

CVE-2004-1989

Exploit
  • EPSS 0.08%
  • Veröffentlicht 30.04.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_...