7 results (0.035 seconds)

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1

SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the artid parameter. Vulnerabilidad de inyección SQL en printfeature.php de myPHPNuke (MPN) versiones anteriores a 1.8.8_8rc2 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro artid. • https://www.exploit-db.com/exploits/6347 http://securityreason.com/securityalert/4261 http://websecurity.com.ua/2398 http://www.securityfocus.com/bid/30959 http://www.vupen.com/english/advisories/2008/2469 https://exchange.xforce.ibmcloud.com/vulnerabilities/44798 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1

Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados en print.php de myPHPNuke (MPN) versiones anteriores a 1.8.8_8rc2 permite a atacantes remotos inyectar web script o HTML a través del parámetro sid. • https://www.exploit-db.com/exploits/6338 http://www.securityfocus.com/bid/30942 http://www.securityfocus.com/bid/31112 http://www.securityfocus.com/bid/31114 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1

SQL injection vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter. Vulnerabilidad de inyección SQL en print.php de myPHPNuke (MPN) versiones anteriores a 1.8.8_8rc2 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro sid. • https://www.exploit-db.com/exploits/6338 http://securityreason.com/securityalert/4255 http://www.securityfocus.com/bid/30942 http://www.securityfocus.com/bid/31112 http://www.securityfocus.com/bid/31114 https://exchange.xforce.ibmcloud.com/vulnerabilities/45084 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 3

PHP remote file inclusion vulnerability in gallery/displayCategory.php in the My_eGallery 2.5.6 module in myPHPNuke (MPN) allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter. Vulnerabilidad de inclusión remota de archivo en PHP en galery/displayCategory.php del módulo My_eGallery 2.5.6 en myPHPNuke (MPN) permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro basepath. • https://www.exploit-db.com/exploits/3010 http://cyber-security.org/DataDetayAll.asp?Data_id=586 http://www.securityfocus.com/bid/21744 https://exchange.xforce.ibmcloud.com/vulnerabilities/31136 •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 3

Multiple cross-site scripting (XSS) vulnerabilities in MyPHPNuke (MPN) 1.88 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the letter parameter in reviews.php and (2) the dcategory parameter in download.php. • https://www.exploit-db.com/exploits/27309 https://www.exploit-db.com/exploits/27308 http://secunia.com/advisories/19052 http://securityreason.com/securityalert/491 http://www.myphpnuke.com/article.php?sid=1035&mode=thread&order=0 http://www.nukedx.com/?viewdoc=12 http://www.securityfocus.com/archive/1/425983/100/0/threaded http://www.securityfocus.com/bid/16815 http://www.vupen.com/english/advisories/2006/0750 https://exchange.xforce.ibmcloud.com/vulnerabilities/24887 •