CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2003-1547
https://notcve.org/view.php?id=CVE-2003-1547
Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter. • http://secunia.com/advisories/8478 http://securityreason.com/securityalert/3718 http://www.securityfocus.com/archive/1/316925/30/25250/threaded http://www.securityfocus.com/archive/1/317230/30/25220/threaded http://www.securityfocus.com/bid/7248 https://exchange.xforce.ibmcloud.com/vulnerabilities/11675 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 1%CPEs: 7EXPL: 3CVE-2003-1468 – PHP-Nuke 6.0/6.5 Web_Links Module - Full Path Disclosure
https://notcve.org/view.php?id=CVE-2003-1468
The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message. • https://www.exploit-db.com/exploits/22598 http://www.securityfocus.com/archive/1/321313 http://www.securityfocus.com/bid/7589 https://exchange.xforce.ibmcloud.com/vulnerabilities/12436 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 2CVE-2003-1340
https://notcve.org/view.php?id=CVE-2003-1340
Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279. • http://securityreason.com/securityalert/3185 http://www.securityfocus.com/archive/1/323425 http://www.securityfocus.com/archive/1/480866/100/0/threaded • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2003-1526
https://notcve.org/view.php?id=CVE-2003-1526
PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message. • http://www.securityfocus.com/archive/1/341743 http://www.securityfocus.com/bid/8848 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2003-0318
https://notcve.org/view.php?id=CVE-2003-0318
Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and earlier allows remote attackers to insert arbitrary web script via the year parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados en el módulo de estadísticas de PHP-Nuke 6.0 y anteriores permite que atacantes remotos inserten script web arbitrario mediante el parámetro year. • http://marc.info/?l=bugtraq&m=105319538308834&w=2 •