CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 1CVE-2006-5720 – PHP-Nuke 7.x Journal Module - 'search.php' SQL Injection
https://notcve.org/view.php?id=CVE-2006-5720
04 Nov 2006 — SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter. Vulnerabilidad de inyección SQL en modules/journal/search.php en el módulo Journal en Francisco Burzi PHP-Nuke 7.9 y anteriores, permite a un atacante remoto ejecutar comandos SQL de su elección a través de un parámetro forwhat. • https://www.exploit-db.com/exploits/28885 •
CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 2CVE-2006-5525 – PHP-Nuke 7.9 - 'Encyclopedia' SQL Injection
https://notcve.org/view.php?id=CVE-2006-5525
26 Oct 2006 — Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via (1) "/**/UNION " or (2) " UNION/**/" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a search action in the Encyclopedia module in modules.php. Vulnerabilidad de lista negra incompleta en mainfile.php en PHP-Nuke 7.9 y anteriores permite a un atacante remoto llevar a cabo un ataque de inyección S... • https://www.exploit-db.com/exploits/2617 •
CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 0CVE-2005-3016
https://notcve.org/view.php?id=CVE-2005-3016
21 Sep 2005 — Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke before 7.9 Final have unknown impact and attack vectors. • http://secunia.com/advisories/16843 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2005-1180
https://notcve.org/view.php?id=CVE-2005-1180
19 Apr 2005 — HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuke 7.6 allows remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the forwarder parameter. • http://marc.info/?l=bugtraq&m=111359804013536&w=2 •
CVSS: 9.1EPSS: 1%CPEs: 28EXPL: 2CVE-2004-2044 – PHP-Nuke 5.x/6.x/7.x - Direct Script Access Security Bypass
https://notcve.org/view.php?id=CVE-2004-2044
01 Jun 2004 — PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possibly gain access, as demonstrated using an HTTP request that contains the "admin.php" string. • https://www.exploit-db.com/exploits/24166 •
CVSS: 9.8EPSS: 0%CPEs: 26EXPL: 3CVE-2004-0269 – PHP-Nuke 5.x/6.x Web_Links Module - SQL Injection
https://notcve.org/view.php?id=CVE-2004-0269
18 Mar 2004 — SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module. Vulnerabilidad de inyección de SQL en PHP-Nuke 6.9 y anteriores, y posiblemente 6.x, permite a atacantes remotos inyectar código SQL de su elección y obtener información sensible mediante (1) la variable category en el módulo Search. o (2) la variable... • https://www.exploit-db.com/exploits/22589 •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 3CVE-2003-1210 – PHP-Nuke 6.5 (Multiple Downloads Module) - SQL Injection
https://notcve.org/view.php?id=CVE-2003-1210
31 Dec 2003 — Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function. • https://www.exploit-db.com/exploits/22597 •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 3CVE-2003-1400 – PHP-Nuke 5.x/6.0 - Avatar HTML Injection
https://notcve.org/view.php?id=CVE-2003-1400
31 Dec 2003 — Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter. • https://www.exploit-db.com/exploits/22211 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2003-0318
https://notcve.org/view.php?id=CVE-2003-0318
22 May 2003 — Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and earlier allows remote attackers to insert arbitrary web script via the year parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados en el módulo de estadísticas de PHP-Nuke 6.0 y anteriores permite que atacantes remotos inserten script web arbitrario mediante el parámetro year. • http://marc.info/?l=bugtraq&m=105319538308834&w=2 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2003-0279
https://notcve.org/view.php?id=CVE-2003-0279
14 May 2003 — Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php. Múltiples vulnerabilidades de inyección SQL en el módulo Web_Links para PHP-Nuke 5.x hasta 6.5 permite que atacantes remotos roben información mediante campos numéricos, como se ha demostrado usando (1) la función viewlink y el parámetro cid, o (2) index.php. • http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.html •