CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2006-4190 – PHP-Nuke 2.0 AutoHTML Module - Local File Inclusion
https://notcve.org/view.php?id=CVE-2006-4190
17 Aug 2006 — Directory traversal vulnerability in autohtml.php in the AutoHTML module for PHP-Nuke allows local users to include arbitrary files via a .. (dot dot) in the name parameter for a modload operation. Vulnerabilidad de escalado de directorio en autohtml.php en el módulo AutoHTML para PHP-Nuke permite a usuarios locales incluir archivos de su elección mediante un .. (punto punto) en el parámetro name de una operación modload. • https://www.exploit-db.com/exploits/28388 •
CVSS: 6.1EPSS: 3%CPEs: 1EXPL: 2CVE-2006-3948 – PHP-Nuke - 'INP modules.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-3948
01 Aug 2006 — Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke INP allows remote attackers to inject arbitrary web script or HTML via the query parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en modules.php en PHP-Nuke INP permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro query. • https://www.exploit-db.com/exploits/28294 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2006-3598
https://notcve.org/view.php?id=CVE-2006-3598
14 Jul 2006 — SQL injection vulnerability in the Sections module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle op. Vulnerabilidad de inyección SQL en el módulo Sections para PHP-Nuke permite a atacantes remotos ejecutar comandos sql de su elección mediante el parámetro artid en una operación viewarticle. • http://www.securityfocus.com/archive/1/438596/100/200/threaded •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-3599
https://notcve.org/view.php?id=CVE-2006-3599
14 Jul 2006 — SQL injection vulnerability in the Nuke Advanced Classifieds module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_ads parameter in an EditAds op. Vulnerabilidad de inyección SQL en el módulo Nuke Advanced Classifieds para PHP-Nuke permite a atacantes remotos ejecutar comandos SQL de su eleccióna través del parámetro id_ads en un opEditAds. • http://www.securityfocus.com/archive/1/438817/100/100/threaded •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 1CVE-2006-2828 – PHP-Nuke 7.9 Final - 'phpbb_root_path' Remote File Inclusions
https://notcve.org/view.php?id=CVE-2006-2828
05 Jun 2006 — Global variable overwrite vulnerability in PHP-Nuke allows remote attackers to conduct remote PHP file inclusion attacks via a modified phpbb_root_path parameter to the admin scripts (1) index.php, (2) admin_ug_auth.php, (3) admin_board.php, (4) admin_disallow.php, (5) admin_forumauth.php, (6) admin_groups.php, (7) admin_ranks.php, (8) admin_styles.php, (9) admin_user_ban.php, (10) admin_words.php, (11) admin_avatar.php, (12) admin_db_utilities.php, (13) admin_forum_prune.php, (14) admin_forums.php, (15) ad... • https://www.exploit-db.com/exploits/1866 •
CVSS: 6.1EPSS: 3%CPEs: 2EXPL: 3CVE-2006-0185 – PHP-Nuke News Submission Story - Text Field Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-0185
12 Jan 2006 — Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) News Modules in Php-Nuke allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag. • https://www.exploit-db.com/exploits/27060 •