6 results (0.002 seconds)

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1

SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the artid parameter. Vulnerabilidad de inyección SQL en printfeature.php de myPHPNuke (MPN) versiones anteriores a 1.8.8_8rc2 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro artid. • https://www.exploit-db.com/exploits/6347 http://securityreason.com/securityalert/4261 http://websecurity.com.ua/2398 http://www.securityfocus.com/bid/30959 http://www.vupen.com/english/advisories/2008/2469 https://exchange.xforce.ibmcloud.com/vulnerabilities/44798 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1

Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados en print.php de myPHPNuke (MPN) versiones anteriores a 1.8.8_8rc2 permite a atacantes remotos inyectar web script o HTML a través del parámetro sid. • https://www.exploit-db.com/exploits/6338 http://www.securityfocus.com/bid/30942 http://www.securityfocus.com/bid/31112 http://www.securityfocus.com/bid/31114 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1

SQL injection vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter. Vulnerabilidad de inyección SQL en print.php de myPHPNuke (MPN) versiones anteriores a 1.8.8_8rc2 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro sid. • https://www.exploit-db.com/exploits/6338 http://securityreason.com/securityalert/4255 http://www.securityfocus.com/bid/30942 http://www.securityfocus.com/bid/31112 http://www.securityfocus.com/bid/31114 https://exchange.xforce.ibmcloud.com/vulnerabilities/45084 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 3

Multiple cross-site scripting (XSS) vulnerabilities in MyPHPNuke (MPN) 1.88 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the letter parameter in reviews.php and (2) the dcategory parameter in download.php. • https://www.exploit-db.com/exploits/27309 https://www.exploit-db.com/exploits/27308 http://secunia.com/advisories/19052 http://securityreason.com/securityalert/491 http://www.myphpnuke.com/article.php?sid=1035&mode=thread&order=0 http://www.nukedx.com/?viewdoc=12 http://www.securityfocus.com/archive/1/425983/100/0/threaded http://www.securityfocus.com/bid/16815 http://www.vupen.com/english/advisories/2006/0750 https://exchange.xforce.ibmcloud.com/vulnerabilities/24887 •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 3

Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters. • https://www.exploit-db.com/exploits/22268 http://archives.neohapsis.com/archives/bugtraq/2003-02/0231.html http://secunia.com/advisories/8125 http://www.osvdb.org/3931 http://www.securityfocus.com/bid/6892 https://exchange.xforce.ibmcloud.com/vulnerabilities/11376 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •