CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 1CVE-2006-5720 – PHP-Nuke 7.x Journal Module - 'search.php' SQL Injection
https://notcve.org/view.php?id=CVE-2006-5720
04 Nov 2006 — SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter. Vulnerabilidad de inyección SQL en modules/journal/search.php en el módulo Journal en Francisco Burzi PHP-Nuke 7.9 y anteriores, permite a un atacante remoto ejecutar comandos SQL de su elección a través de un parámetro forwhat. • https://www.exploit-db.com/exploits/28885 •
CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 2CVE-2006-5525 – PHP-Nuke 7.9 - 'Encyclopedia' SQL Injection
https://notcve.org/view.php?id=CVE-2006-5525
26 Oct 2006 — Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via (1) "/**/UNION " or (2) " UNION/**/" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a search action in the Encyclopedia module in modules.php. Vulnerabilidad de lista negra incompleta en mainfile.php en PHP-Nuke 7.9 y anteriores permite a un atacante remoto llevar a cabo un ataque de inyección S... • https://www.exploit-db.com/exploits/2617 •
CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 0CVE-2005-3016
https://notcve.org/view.php?id=CVE-2005-3016
21 Sep 2005 — Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke before 7.9 Final have unknown impact and attack vectors. • http://secunia.com/advisories/16843 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2005-1180
https://notcve.org/view.php?id=CVE-2005-1180
19 Apr 2005 — HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuke 7.6 allows remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the forwarder parameter. • http://marc.info/?l=bugtraq&m=111359804013536&w=2 •
CVSS: 9.1EPSS: 1%CPEs: 28EXPL: 2CVE-2004-2044 – PHP-Nuke 5.x/6.x/7.x - Direct Script Access Security Bypass
https://notcve.org/view.php?id=CVE-2004-2044
01 Jun 2004 — PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possibly gain access, as demonstrated using an HTTP request that contains the "admin.php" string. • https://www.exploit-db.com/exploits/24166 •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 2CVE-2004-1984
https://notcve.org/view.php?id=CVE-2004-1984
02 May 2004 — Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) phpinfo.php, (2) addpic.php, (3) config.php, (4) db_input.php, (5) displayecard.php, (6) ecard.php, (7) crop.inc.php, which reveal the full path in a PHP error message. • http://marc.info/?l=bugtraq&m=108360247732014&w=2 •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 2CVE-2004-1985 – Coppermine Photo Gallery 1.2.2b - 'menu.inc.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-1985
30 Apr 2004 — Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to inject arbitrary HTML or web script via the CPG_URL parameter. • https://www.exploit-db.com/exploits/24072 •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 3CVE-2004-1987
https://notcve.org/view.php?id=CVE-2004-1987
30 Apr 2004 — picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to execute arbitrary commands via shell metacharacters in the (1) $CONFIG['impath'] or (2) $CONFIG['jpeg_qual'] parameters. • http://marc.info/?l=bugtraq&m=108360247732014&w=2 •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 4CVE-2004-1988 – Coppermine Photo Gallery 1.2.0 RC4 - 'init.inc.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2004-1988
30 Apr 2004 — PHP remote file inclusion vulnerability in init.inc.php in Coppermine Photo Gallery 1.2.0 RC4 allows remote attackers to execute arbitrary PHP code by modifying the CPG_M_DIR to reference a URL on a remote web server that contains functions.inc.php. • https://www.exploit-db.com/exploits/24074 •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 4CVE-2004-1989 – Coppermine Photo Gallery 1.2.2b - 'theme.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2004-1989
30 Apr 2004 — PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_box.inc. • https://www.exploit-db.com/exploits/24075 •