CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 1CVE-2006-5720 – PHP-Nuke 7.x Journal Module - 'search.php' SQL Injection
https://notcve.org/view.php?id=CVE-2006-5720
04 Nov 2006 — SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter. Vulnerabilidad de inyección SQL en modules/journal/search.php en el módulo Journal en Francisco Burzi PHP-Nuke 7.9 y anteriores, permite a un atacante remoto ejecutar comandos SQL de su elección a través de un parámetro forwhat. • https://www.exploit-db.com/exploits/28885 •
CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 2CVE-2006-5525 – PHP-Nuke 7.9 - 'Encyclopedia' SQL Injection
https://notcve.org/view.php?id=CVE-2006-5525
26 Oct 2006 — Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via (1) "/**/UNION " or (2) " UNION/**/" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a search action in the Encyclopedia module in modules.php. Vulnerabilidad de lista negra incompleta en mainfile.php en PHP-Nuke 7.9 y anteriores permite a un atacante remoto llevar a cabo un ataque de inyección S... • https://www.exploit-db.com/exploits/2617 •
CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 0CVE-2005-3016
https://notcve.org/view.php?id=CVE-2005-3016
21 Sep 2005 — Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke before 7.9 Final have unknown impact and attack vectors. • http://secunia.com/advisories/16843 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2005-1180
https://notcve.org/view.php?id=CVE-2005-1180
19 Apr 2005 — HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuke 7.6 allows remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the forwarder parameter. • http://marc.info/?l=bugtraq&m=111359804013536&w=2 •
CVSS: 9.1EPSS: 1%CPEs: 28EXPL: 2CVE-2004-2044 – PHP-Nuke 5.x/6.x/7.x - Direct Script Access Security Bypass
https://notcve.org/view.php?id=CVE-2004-2044
01 Jun 2004 — PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possibly gain access, as demonstrated using an HTTP request that contains the "admin.php" string. • https://www.exploit-db.com/exploits/24166 •
CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 4CVE-2004-1929 – PHP-Nuke 6.x/7.x - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2004-1929
13 Apr 2004 — SQL injection vulnerability in the bblogin function in functions.php in PHP-Nuke 6.x through 7.2 allows remote attackers to bypass authentication and gain access by injecting base64-encoded SQL code into the user parameter. • https://www.exploit-db.com/exploits/23998 •
CVSS: 9.8EPSS: 0%CPEs: 26EXPL: 3CVE-2004-0269 – PHP-Nuke 5.x/6.x Web_Links Module - SQL Injection
https://notcve.org/view.php?id=CVE-2004-0269
18 Mar 2004 — SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module. Vulnerabilidad de inyección de SQL en PHP-Nuke 6.9 y anteriores, y posiblemente 6.x, permite a atacantes remotos inyectar código SQL de su elección y obtener información sensible mediante (1) la variable category en el módulo Search. o (2) la variable... • https://www.exploit-db.com/exploits/22589 •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 3CVE-2003-1210 – PHP-Nuke 6.5 (Multiple Downloads Module) - SQL Injection
https://notcve.org/view.php?id=CVE-2003-1210
31 Dec 2003 — Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function. • https://www.exploit-db.com/exploits/22597 •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2CVE-2003-1340
https://notcve.org/view.php?id=CVE-2003-1340
31 Dec 2003 — Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279. • http://securityreason.com/securityalert/3185 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 3CVE-2003-1400 – PHP-Nuke 5.x/6.0 - Avatar HTML Injection
https://notcve.org/view.php?id=CVE-2003-1400
31 Dec 2003 — Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter. • https://www.exploit-db.com/exploits/22211 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •