Francisco Burzi

Php-nuke

94 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2004-1972

Exploit
  • EPSS 0.02%
  • Published 26.04.2004 04:00:00
  • Last modified 03.04.2025 01:03:51

SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to execute arbitrary SQL code via the (1) clipid or (2) catid parameters in a viewclip, viewcat, or voteclip action.

7.5

CVE-2004-1929

Exploit
  • EPSS 0.13%
  • Published 13.04.2004 04:00:00
  • Last modified 03.04.2025 01:03:51

SQL injection vulnerability in the bblogin function in functions.php in PHP-Nuke 6.x through 7.2 allows remote attackers to bypass authentication and gain access by injecting base64-encoded SQL code into the user parameter.

7.5

CVE-2004-1932

Exploit
  • EPSS 0.02%
  • Published 12.04.2004 04:00:00
  • Last modified 03.04.2025 01:03:51

SQL injection vulnerability in (1) auth.php and (2) admin.php in PHP-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL code and create an administrator account via base64-encoded SQL in the admin parameter.

4.3

CVE-2004-1930

Exploit
  • EPSS 0.17%
  • Published 12.04.2004 04:00:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie.

5

CVE-2004-1986

Exploit
  • EPSS 0.11%
  • Published 04.04.2004 05:00:00
  • Last modified 03.04.2025 01:03:51

Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the startdir parameter.

4.3

CVE-2004-1840

Exploit
  • EPSS 0.02%
  • Published 22.03.2004 05:00:00
  • Last modified 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) screen parameter to modules.php, (2) module_name parameter to title.php, (3) sortby ...

5

CVE-2004-1839

  • EPSS 0.02%
  • Published 22.03.2004 05:00:00
  • Last modified 03.04.2025 01:03:51

MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message.

5

CVE-2004-1830

  • EPSS 0.05%
  • Published 18.03.2004 05:00:00
  • Last modified 03.04.2025 01:03:51

error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid (1) language, (2) newlang, or (3) lang parameter, which leaks the pathname in a PHP error message.

4.3

CVE-2004-1817

Exploit
  • EPSS 5.68%
  • Published 15.03.2004 05:00:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or ...

4.3

CVE-2003-1547

  • EPSS 0.03%
  • Published 31.12.2003 05:00:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter.