Page 12 of 71 results (0.008 seconds)

CVSS: 2.6EPSS: 0%CPEs: 2EXPL: 0

Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php. Múltiples vulnerabilidades de inyección SQL en el módulo Web_Links para PHP-Nuke 5.x hasta 6.5 permite que atacantes remotos roben información mediante campos numéricos, como se ha demostrado usando (1) la función viewlink y el parámetro cid, o (2) index.php. • http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.html http://marc.info/?l=bugtraq&m=105276019312980&w=2 http://www.securityfocus.com/bid/7558 http://www.securityfocus.com/bid/7588 https://exchange.xforce.ibmcloud.com/vulnerabilities/11984 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 3

Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag. • https://www.exploit-db.com/exploits/21859 http://archives.neohapsis.com/archives/bugtraq/2002-09/0307.html http://www.iss.net/security_center/static/10173.php http://www.securityfocus.com/bid/5796 •

CVSS: 5.0EPSS: 2%CPEs: 14EXPL: 3

sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query information by setting the sql_debug parameter to (1) index.php and (2) modules.php. • https://www.exploit-db.com/exploits/21233 http://www.securityfaq.com/unixfocus/5OP041P6BE.html http://www.securityfocus.com/bid/3906 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

SQL injection vulnerability in PHP-Nuke before 6.0 allows remote authenticated users to modify the database and gain privileges via the "bio" argument to modules.php. Vulnerabilidad de inyección de SQL en PHP-Nuke anterior a 6.0 permite a usuarios autenticados remotamente modificar la base de datos y ganar privilegios mediante un argumento "bio" en modules.php • https://www.exploit-db.com/exploits/21977 http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0051.html http://marc.info/?l=bugtraq&m=103616324103171&w=2 http://www.idefense.com/advisory/10.31.02c.txt http://www.iss.net/security_center/static/10516.php http://www.osvdb.org/6244 http://www.securityfocus.com/bid/6088 •

CVSS: 5.0EPSS: 2%CPEs: 7EXPL: 2

index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname. • https://www.exploit-db.com/exploits/21349 http://online.securityfocus.com/archive/1/263337 http://www.iss.net/security_center/static/8618.php http://www.securityfocus.com/bid/4333 •