Page 16 of 99 results (0.015 seconds)

CVSS: 4.3EPSS: 1%CPEs: 7EXPL: 3

The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message. • https://www.exploit-db.com/exploits/22598 http://www.securityfocus.com/archive/1/321313 http://www.securityfocus.com/bid/7589 https://exchange.xforce.ibmcloud.com/vulnerabilities/12436 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message. • http://www.securityfocus.com/archive/1/341743 http://www.securityfocus.com/bid/8848 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0

Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter. • http://secunia.com/advisories/8478 http://securityreason.com/securityalert/3718 http://www.securityfocus.com/archive/1/316925/30/25250/threaded http://www.securityfocus.com/archive/1/317230/30/25220/threaded http://www.securityfocus.com/bid/7248 https://exchange.xforce.ibmcloud.com/vulnerabilities/11675 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 3

Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter. • https://www.exploit-db.com/exploits/22211 http://www.securityfocus.com/archive/1/309959 http://www.securityfocus.com/archive/1/310115 http://www.securityfocus.com/bid/6750 https://exchange.xforce.ibmcloud.com/vulnerabilities/11229 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 3

Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function. • https://www.exploit-db.com/exploits/22597 http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.html http://www.securityfocus.com/bid/7588 https://exchange.xforce.ibmcloud.com/vulnerabilities/11984 •