CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2008-2020
https://notcve.org/view.php?id=CVE-2008-2020
30 Apr 2008 — The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack usi... • http://securityreason.com/securityalert/3834 • CWE-330: Use of Insufficiently Random Values •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 2CVE-2008-0461 – PHP-Nuke 8.0 Final - 'sid' SQL Injection
https://notcve.org/view.php?id=CVE-2008-0461
25 Jan 2008 — SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en el fichero index.php del módulo Search de PHP-Nuke 8.0 FINAL y versiones anteriores. Cuando magic_quotes_gpc está deshabilitado, permite que atacantes remoto... • https://www.exploit-db.com/exploits/4965 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 41EXPL: 0CVE-2007-5032
https://notcve.org/view.php?id=CVE-2007-5032
21 Sep 2007 — Cross-site request forgery (CSRF) vulnerability in admin.php in Francisco Burzi PHP-Nuke allows remote attackers to add administrative accounts via an AddAuthor action with modified add_name and add_radminsuper parameters. Falsificación de petición en sitios cruzados (CSRF) en admin.php de Francisco Burzi PHP-Nuke permite a atacantes remotos añadir cuentas administrativas mediante una acción AddAuthor con parámetros add_name y add_radminsuper modificados. • http://osvdb.org/42521 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2007-1449
https://notcve.org/view.php?id=CVE-2007-1449
14 Mar 2007 — Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. Vulnerabilidad de escalado de directorio en mainfile.php del PHP-Nuke 8.0 y versiones anteriores permite a atacantes remotos leer ficheros de su elección mediante un .. (punto punto) en el parámetro lang. • http://secunia.com/advisories/24484 •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0CVE-2007-1450
https://notcve.org/view.php?id=CVE-2007-1450
14 Mar 2007 — SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands in the Top or News module via the lang parameter. Vulnerabilidad de inyección SQL en el mainfile.php del PHP-Nuke 8.0 y versiones anteriores permite a atacantes remotos ejecutar comandos SQL de su elección en módulo Top o News mediante el parámetro lang. • http://www.securityfocus.com/archive/1/462443/100/0/threaded •
CVSS: 9.8EPSS: 66%CPEs: 1EXPL: 3CVE-2007-1061 – PHP-Nuke 8.0 Final - 'INSERT' Blind SQL Injection (MySQL)
https://notcve.org/view.php?id=CVE-2007-1061
22 Feb 2007 — SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" block is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header (HTTP_REFERER variable). Vulnerabilidad de inyección SQL en index.php del Francisco Burzi PHP-Nuke 8.0 Final y versiones anteriores, cuando el bloque de las "Referencias HTTP" está habilitado, permite a atacantes remotos ejecutar comandos SQL de su elección mediante una cabecera HTTP Refere... • https://www.exploit-db.com/exploits/3344 •