CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0CVE-2007-1449
https://notcve.org/view.php?id=CVE-2007-1449
Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. Vulnerabilidad de escalado de directorio en mainfile.php del PHP-Nuke 8.0 y versiones anteriores permite a atacantes remotos leer ficheros de su elección mediante un .. (punto punto) en el parámetro lang. • http://secunia.com/advisories/24484 http://www.securityfocus.com/archive/1/462443/100/0/threaded http://www.securityfocus.com/archive/1/462588/100/0/threaded http://www.securityfocus.com/bid/22909 •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2007-1450
https://notcve.org/view.php?id=CVE-2007-1450
SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands in the Top or News module via the lang parameter. Vulnerabilidad de inyección SQL en el mainfile.php del PHP-Nuke 8.0 y versiones anteriores permite a atacantes remotos ejecutar comandos SQL de su elección en módulo Top o News mediante el parámetro lang. • http://www.securityfocus.com/archive/1/462443/100/0/threaded http://www.securityfocus.com/bid/22909 •
CVSS: 6.8EPSS: 89%CPEs: 1EXPL: 3CVE-2007-1061 – PHP-Nuke 8.0 Final - 'INSERT' Blind SQL Injection (MySQL)
https://notcve.org/view.php?id=CVE-2007-1061
SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" block is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header (HTTP_REFERER variable). Vulnerabilidad de inyección SQL en index.php del Francisco Burzi PHP-Nuke 8.0 Final y versiones anteriores, cuando el bloque de las "Referencias HTTP" está habilitado, permite a atacantes remotos ejecutar comandos SQL de su elección mediante una cabecera HTTP Referer (variable HTTP_REFERER). • https://www.exploit-db.com/exploits/3344 https://www.exploit-db.com/exploits/3345 https://www.exploit-db.com/exploits/3346 http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052570.html http://osvdb.org/33316 http://secunia.com/advisories/24224 http://www.securityfocus.com/archive/1/461148/100/0/threaded http://www.securityfocus.com/bid/22638 http://www.vupen.com/english/advisories/2007/0673 https://exchange.xforce.ibmcloud.com/vulnerabilities/32607 •
CVSS: 7.5EPSS: 55%CPEs: 1EXPL: 2CVE-2007-0309 – PHP-Nuke 7.x - 'Block-Old_Articles.php' SQL Injection
https://notcve.org/view.php?id=CVE-2007-0309
SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter. Vulnerabilidad de inyección SQL en blocks/block-Old_Articles.php en Francisco Burzi PHP-Nuke 7.9 y versiones anteriores, cuando register_globals está activado y magic_quotes_gpc está deshabilitado, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro cat. • https://www.exploit-db.com/exploits/29453 http://osvdb.org/32863 http://secunia.com/advisories/23748 http://securityreason.com/securityalert/2153 http://securitytracker.com/id?1017511 http://www.neosecurityteam.net/advisories/PHP-Nuke--7.9-Old-Articles-Block-cat-SQL-Injection-vulnerability-31.html http://www.securityfocus.com/archive/1/456787/100/0/threaded http://www.securityfocus.com/bid/22037 https://exchange.xforce.ibmcloud.com/vulnerabilities/31482 •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 1CVE-2006-6200
https://notcve.org/view.php?id=CVE-2006-6200
Multiple SQL injection vulnerabilities in the (1) rate_article and (2) rate_complete functions in modules/News/index.php in the News module in Francisco Burzi PHP-Nuke 7.9 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the sid parameter. Múltiples vulnerabilidades de inyección SQL en las funciones (1) rate_article y (2) rate_complete en modules/News/index.php en el módulo News en Francisco Burzi PHP-Nuke 7.9 y anteriores, cuando magic_quotes_gpc está desactivado, permite a un atacante remoto ejecutar comandos SQL a través del parámetro sid. • http://secunia.com/advisories/23128 http://securityreason.com/securityalert/1935 http://securitytracker.com/id?1017282 http://www.neosecurityteam.net/index.php?action=advisories&id=30 http://www.securityfocus.com/archive/1/452553/100/0/threaded http://www.securityfocus.com/bid/21277 http://www.vupen.com/english/advisories/2006/4739 https://exchange.xforce.ibmcloud.com/vulnerabilities/30525 •