
CVSS: 4.3 | EPSS: 0% | CPEs: 12 | EXPL: 0

Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.

• http://secunia.com/advisories/24484
• http://www.securityfocus.com/archive/1/462443/100/0/threaded
• http://www.securityfocus.com/archive/1/462588/100/0/threaded
• http://www.securityfocus.com/bid/22909

CVSS: 7.5 | EPSS: 0% | CPEs: 11 | EXPL: 0

SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands in the Top or News module via the lang parameter.

• http://www.securityfocus.com/archive/1/462443/100/0/threaded
• http://www.securityfocus.com/bid/22909

CVSS: 6.8 | EPSS: 89% | CPEs: 1 | EXPL: 3

SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" block is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header (HTTP_REFERER variable).

• https://www.exploit-db.com/exploits/3344
• https://www.exploit-db.com/exploits/3345
• https://www.exploit-db.com/exploits/3346
• http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052570.html
• http://osvdb.org/33316
• http://secunia.com/advisories/24224
• http://www.securityfocus.com/archive/1/461148/100/0/threaded
• http://www.securityfocus.com/bid/22638
• http://www.vupen.com/english/advisories/2007/0673
• https://exchange.xforce.ibmcloud.com/vulnerabilities/32607

CVSS: 7.5 | EPSS: 1% | CPEs: 1 | EXPL: 3

Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 allow remote attackers to execute arbitrary SQL commands via (1) the active parameter in admin/modules/modules.php; the (2) ad_class, (3) imageurl, (4) clickurl, (5) ad_code, or (6) position parameter in modules/Advertising/admin/index.php; or unspecified vectors in the (7) advertising, (8) weblinks, or (9) reviews section.

• http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html
• http://osvdb.org/33698
• http://osvdb.org/33699
• http://osvdb.org/33700
• http://osvdb.org/33701
• http://osvdb.org/33702
• http://www.hackers.ir/advisories/festival.txt
• http://www.securityfocus.com/archive/1/459174/100/0/threaded
• http://www.securityfocus.com/bid/22116

CVSS: 7.5 | EPSS: 55% | CPEs: 1 | EXPL: 2

SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter.

• https://www.exploit-db.com/exploits/29453
• http://osvdb.org/32863
• http://secunia.com/advisories/23748
• http://securityreason.com/securityalert/2153
• http://securitytracker.com/id?1017511
• http://www.neosecurityteam.net/advisories/PHP-Nuke--7.9-Old-Articles-Block-cat-SQL-Injection-vulnerability-31.html
• http://www.securityfocus.com/archive/1/456787/100/0/threaded
• http://www.securityfocus.com/bid/22037
• https://exchange.xforce.ibmcloud.com/vulnerabilities/31482