CVSS: 7.5EPSS: 1%CPEs: 21EXPL: 3CVE-2006-0805 – PHP-Nuke 7.x - CAPTCHA Bypass
https://notcve.org/view.php?id=CVE-2006-0805
21 Feb 2006 — The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying that pair in the random_num and gfx_check parameters. • https://www.exploit-db.com/exploits/27249 •
CVSS: 6.1EPSS: 3%CPEs: 18EXPL: 3CVE-2006-0676 – PHP-Nuke 6.x/7.x - 'header.php?Pagetitle' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-0676
13 Feb 2006 — Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 to 7.8 allows remote attackers to inject arbitrary web script or HTML via the pagetitle parameter. • https://www.exploit-db.com/exploits/27208 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2005-4715
https://notcve.org/view.php?id=CVE-2005-4715
31 Dec 2005 — Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) sid, and (3) pid parameters in a POST request, which bypasses security checks that are performed for GET requests. • http://archives.neohapsis.com/archives/bugtraq/2005-09/0119.html •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 2CVE-2005-4260 – PHP-Nuke 7.x - Content Filtering Bypass
https://notcve.org/view.php?id=CVE-2005-4260
15 Dec 2005 — Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers; if so, then this should not be treated as a vulnerability in PHP-Nuke. Conflicto de interpretación en incl... • https://www.exploit-db.com/exploits/26817 •
CVSS: 9.8EPSS: 64%CPEs: 7EXPL: 3CVE-2005-3792 – PHP-Nuke 7.8 Search Module - SQL Injection
https://notcve.org/view.php?id=CVE-2005-3792
24 Nov 2005 — Multiple SQL injection vulnerabilities in the Search module in PHP-Nuke 7.8, and possibly other versions before 7.9 with patch 3.1, allows remote attackers to execute arbitrary SQL commands, as demonstrated via the query parameter in a stories type. Múltiples vulnerabilidades de inyección de SQL en el módulo de Busqueda de PHP-Nuke 7.8, y posiblemente otras versiones anteriores a 7.9 con el parche 3.1, permite a atacantes remotos ejecutar comandos SQL arbitrarios, como se ha demostrado mediante el parámetro... • https://www.exploit-db.com/exploits/1326 •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 2CVE-2005-3304 – PHP-Nuke Downloads Module - 'url' SQL Injection
https://notcve.org/view.php?id=CVE-2005-3304
25 Oct 2005 — Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the Web_Links module. • https://www.exploit-db.com/exploits/32747 •
CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 0CVE-2005-3016
https://notcve.org/view.php?id=CVE-2005-3016
21 Sep 2005 — Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke before 7.9 Final have unknown impact and attack vectors. • http://secunia.com/advisories/16843 •