CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-1847
https://notcve.org/view.php?id=CVE-2006-1847
19 Apr 2006 — SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to execute arbitrary SQL commands via the user_id parameter in the Your_Home functionality. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://secunia.com/advisories/18972 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2006-0907
https://notcve.org/view.php?id=CVE-2006-0907
28 Feb 2006 — SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows remote attackers to execute arbitrary SQL commands via encoded /%2a (/*) sequences in the query string, which bypasses regular expressions that are intended to protect against SQL injection, as demonstrated via the kala parameter. • http://www.securityfocus.com/archive/1/426083/100/0/threaded •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2006-0908
https://notcve.org/view.php?id=CVE-2006-0908
28 Feb 2006 — PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL injection protection mechanisms via /%2a (/*) sequences with the "ad_click" word in the query string, as demonstrated via the kala parameter. • http://securityreason.com/securityalert/497 •
CVSS: 7.5EPSS: 1%CPEs: 21EXPL: 3CVE-2006-0805 – PHP-Nuke 7.x - CAPTCHA Bypass
https://notcve.org/view.php?id=CVE-2006-0805
21 Feb 2006 — The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying that pair in the random_num and gfx_check parameters. • https://www.exploit-db.com/exploits/27249 •
CVSS: 9.8EPSS: 42%CPEs: 1EXPL: 2CVE-2006-0679
https://notcve.org/view.php?id=CVE-2006-0679
16 Feb 2006 — SQL injection vulnerability in index.php in the Your_Account module in PHP-Nuke 7.8 and earlier allows remote attackers to execute arbitrary SQL commands via the username variable (Nickname field). • http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0358.html •
CVSS: 6.1EPSS: 3%CPEs: 18EXPL: 3CVE-2006-0676 – PHP-Nuke 6.x/7.x - 'header.php?Pagetitle' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-0676
13 Feb 2006 — Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 to 7.8 allows remote attackers to inject arbitrary web script or HTML via the pagetitle parameter. • https://www.exploit-db.com/exploits/27208 •
CVSS: 9.8EPSS: 17%CPEs: 1EXPL: 3CVE-2006-0163 – PHP-Nuke 7.7 EV Search Module - SQL Injection
https://notcve.org/view.php?id=CVE-2006-0163
11 Jan 2006 — SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by the search field. NOTE: This is a different vulnerability than CVE-2005-3792. • https://www.exploit-db.com/exploits/27058 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2005-4715
https://notcve.org/view.php?id=CVE-2005-4715
31 Dec 2005 — Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) sid, and (3) pid parameters in a POST request, which bypasses security checks that are performed for GET requests. • http://archives.neohapsis.com/archives/bugtraq/2005-09/0119.html •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 2CVE-2005-4260 – PHP-Nuke 7.x - Content Filtering Bypass
https://notcve.org/view.php?id=CVE-2005-4260
15 Dec 2005 — Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers; if so, then this should not be treated as a vulnerability in PHP-Nuke. Conflicto de interpretación en incl... • https://www.exploit-db.com/exploits/26817 •
CVSS: 9.8EPSS: 64%CPEs: 7EXPL: 3CVE-2005-3792 – PHP-Nuke 7.8 Search Module - SQL Injection
https://notcve.org/view.php?id=CVE-2005-3792
24 Nov 2005 — Multiple SQL injection vulnerabilities in the Search module in PHP-Nuke 7.8, and possibly other versions before 7.9 with patch 3.1, allows remote attackers to execute arbitrary SQL commands, as demonstrated via the query parameter in a stories type. Múltiples vulnerabilidades de inyección de SQL en el módulo de Busqueda de PHP-Nuke 7.8, y posiblemente otras versiones anteriores a 7.9 con el parche 3.1, permite a atacantes remotos ejecutar comandos SQL arbitrarios, como se ha demostrado mediante el parámetro... • https://www.exploit-db.com/exploits/1326 •