CVSS: 7.5EPSS: 55%CPEs: 1EXPL: 2CVE-2007-0309 – PHP-Nuke 7.x - 'Block-Old_Articles.php' SQL Injection
https://notcve.org/view.php?id=CVE-2007-0309
SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter. Vulnerabilidad de inyección SQL en blocks/block-Old_Articles.php en Francisco Burzi PHP-Nuke 7.9 y versiones anteriores, cuando register_globals está activado y magic_quotes_gpc está deshabilitado, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro cat. • https://www.exploit-db.com/exploits/29453 http://osvdb.org/32863 http://secunia.com/advisories/23748 http://securityreason.com/securityalert/2153 http://securitytracker.com/id?1017511 http://www.neosecurityteam.net/advisories/PHP-Nuke--7.9-Old-Articles-Block-cat-SQL-Injection-vulnerability-31.html http://www.securityfocus.com/archive/1/456787/100/0/threaded http://www.securityfocus.com/bid/22037 https://exchange.xforce.ibmcloud.com/vulnerabilities/31482 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2006-6234
https://notcve.org/view.php?id=CVE-2006-6234
Multiple SQL injection vulnerabilities in the Content module in PHP-Nuke 6.0, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in a list_pages_categories action or (2) the pid parameter in a showpage action. Múltiples vulnerabilidades de inyección SQL en el módulo Content en PHP-Nuke 6.0, y posiblemente otras versiones, permite a atacantes remotos ejecutar comandos SQL de su elección a través (1) del parámetro cid en una acción list_pages_categories o (2) el parámetro pid en una acción showpage. • http://securityreason.com/securityalert/1953 http://www.attrition.org/pipermail/vim/2006-December/001157.html http://www.securityfocus.com/archive/1/437835/100/200/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/27501 •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 1CVE-2006-6200
https://notcve.org/view.php?id=CVE-2006-6200
Multiple SQL injection vulnerabilities in the (1) rate_article and (2) rate_complete functions in modules/News/index.php in the News module in Francisco Burzi PHP-Nuke 7.9 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the sid parameter. Múltiples vulnerabilidades de inyección SQL en las funciones (1) rate_article y (2) rate_complete en modules/News/index.php en el módulo News en Francisco Burzi PHP-Nuke 7.9 y anteriores, cuando magic_quotes_gpc está desactivado, permite a un atacante remoto ejecutar comandos SQL a través del parámetro sid. • http://secunia.com/advisories/23128 http://securityreason.com/securityalert/1935 http://securitytracker.com/id?1017282 http://www.neosecurityteam.net/index.php?action=advisories&id=30 http://www.securityfocus.com/archive/1/452553/100/0/threaded http://www.securityfocus.com/bid/21277 http://www.vupen.com/english/advisories/2006/4739 https://exchange.xforce.ibmcloud.com/vulnerabilities/30525 •
CVSS: 7.5EPSS: 6%CPEs: 10EXPL: 1CVE-2006-5720 – PHP-Nuke 7.x Journal Module - 'search.php' SQL Injection
https://notcve.org/view.php?id=CVE-2006-5720
SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter. Vulnerabilidad de inyección SQL en modules/journal/search.php en el módulo Journal en Francisco Burzi PHP-Nuke 7.9 y anteriores, permite a un atacante remoto ejecutar comandos SQL de su elección a través de un parámetro forwhat. • https://www.exploit-db.com/exploits/28885 http://secunia.com/advisories/22617 http://securityreason.com/securityalert/1812 http://www.neosecurityteam.net/index.php?action=advisories&id=29 http://www.securityfocus.com/archive/1/450183/100/0/threaded http://www.securityfocus.com/bid/20829 http://www.vupen.com/english/advisories/2006/4295 https://exchange.xforce.ibmcloud.com/vulnerabilities/29940 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2006-1846
https://notcve.org/view.php?id=CVE-2006-1846
Cross-site scripting (XSS) vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. In addition, it is unclear whether this issue is a vulnerability, since it is related to the user's personal menu, which presumably is not modifiable by others. • http://secunia.com/advisories/18972 http://www.osvdb.org/23431 http://www.securityfocus.com/bid/16774 http://www.vupen.com/english/advisories/2006/0687 •