Page 11 of 77 results (0.003 seconds)

CVSS: 5.0EPSS: 0%CPEs: 13EXPL: 2

SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter. Vulnerabilidad de inyección de SQL en la capacidad "mensaje público" (public_message) de php-nuke 6.x a 7.1.0 permite a atacantes remotos obtener la contraseña de administrador mediante el parámetro cmid. • https://www.exploit-db.com/exploits/23670 http://marc.info/?l=bugtraq&m=107635110327066&w=2 http://www.securityfocus.com/bid/9615 https://exchange.xforce.ibmcloud.com/vulnerabilities/15080 •

CVSS: 6.4EPSS: 0%CPEs: 26EXPL: 3

SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module. Vulnerabilidad de inyección de SQL en PHP-Nuke 6.9 y anteriores, y posiblemente 6.x, permite a atacantes remotos inyectar código SQL de su elección y obtener información sensible mediante (1) la variable category en el módulo Search. o (2) la variable admin en el módulo Web_Links. • https://www.exploit-db.com/exploits/22589 https://www.exploit-db.com/exploits/23680 http://marc.info/?l=bugtraq&m=107643348117646&w=2 http://www.scan-associates.net/papers/phpnuke69.txt http://www.securityfocus.com/bid/9630 https://exchange.xforce.ibmcloud.com/vulnerabilities/15115 •

CVSS: 6.8EPSS: 1%CPEs: 13EXPL: 3

Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other users via URL-encoded (1) title or (2) fname parameters in the News or Reviews modules. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en modules.php de Php-Nuke 6.x- 7.1.0 permite a atacantes remotos ejecutar scripts de su elección como otros usuarios mediante parámetros (1) título o (2) fname codifacidos en URL en los módulos News o Reviews. • https://www.exploit-db.com/exploits/23669 http://marc.info/?l=bugtraq&m=107634727520936&w=2 http://www.securityfocus.com/bid/9605 http://www.securityfocus.com/bid/9613 https://exchange.xforce.ibmcloud.com/vulnerabilities/15076 •

CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 1

error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid (1) language, (2) newlang, or (3) lang parameter, which leaks the pathname in a PHP error message. • https://www.exploit-db.com/exploits/23844 http://marc.info/?l=bugtraq&m=107963064317560&w=2 http://secunia.com/advisories/11164 http://www.osvdb.org/4386 http://www.securityfocus.com/bid/9911 https://exchange.xforce.ibmcloud.com/vulnerabilities/15524 •

CVSS: 4.3EPSS: 1%CPEs: 7EXPL: 3

The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message. • https://www.exploit-db.com/exploits/22598 http://www.securityfocus.com/archive/1/321313 http://www.securityfocus.com/bid/7589 https://exchange.xforce.ibmcloud.com/vulnerabilities/12436 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •