CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 1CVE-2004-1830 – PHP-Nuke Error Manager Module 2.1 - 'error.php?language' Full Path Disclosure
https://notcve.org/view.php?id=CVE-2004-1830
error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid (1) language, (2) newlang, or (3) lang parameter, which leaks the pathname in a PHP error message. • https://www.exploit-db.com/exploits/23844 http://marc.info/?l=bugtraq&m=107963064317560&w=2 http://secunia.com/advisories/11164 http://www.osvdb.org/4386 http://www.securityfocus.com/bid/9911 https://exchange.xforce.ibmcloud.com/vulnerabilities/15524 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 3CVE-2004-1817 – PHP-Nuke 7.1 Recommend_Us Module - 'fname' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-1817
Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) search field. • https://www.exploit-db.com/exploits/23814 http://marc.info/?l=bugtraq&m=107937752811633&w=2 http://secunia.com/advisories/11135 http://www.securityfocus.com/bid/9879 https://exchange.xforce.ibmcloud.com/vulnerabilities/15491 •
CVSS: 4.3EPSS: 1%CPEs: 7EXPL: 3CVE-2003-1468 – PHP-Nuke 6.0/6.5 Web_Links Module - Full Path Disclosure
https://notcve.org/view.php?id=CVE-2003-1468
The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message. • https://www.exploit-db.com/exploits/22598 http://www.securityfocus.com/archive/1/321313 http://www.securityfocus.com/bid/7589 https://exchange.xforce.ibmcloud.com/vulnerabilities/12436 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2003-1526
https://notcve.org/view.php?id=CVE-2003-1526
PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message. • http://www.securityfocus.com/archive/1/341743 http://www.securityfocus.com/bid/8848 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2003-1547
https://notcve.org/view.php?id=CVE-2003-1547
Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter. • http://secunia.com/advisories/8478 http://securityreason.com/securityalert/3718 http://www.securityfocus.com/archive/1/316925/30/25250/threaded http://www.securityfocus.com/archive/1/317230/30/25220/threaded http://www.securityfocus.com/bid/7248 https://exchange.xforce.ibmcloud.com/vulnerabilities/11675 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •