Page 4 of 22 results (0.007 seconds)

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 3

Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function. • https://www.exploit-db.com/exploits/22597 http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.html http://www.securityfocus.com/bid/7588 https://exchange.xforce.ibmcloud.com/vulnerabilities/11984 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and earlier allows remote attackers to insert arbitrary web script via the year parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados en el módulo de estadísticas de PHP-Nuke 6.0 y anteriores permite que atacantes remotos inserten script web arbitrario mediante el parámetro year. • http://marc.info/?l=bugtraq&m=105319538308834&w=2 •

CVSS: 5.0EPSS: 2%CPEs: 14EXPL: 3

sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query information by setting the sql_debug parameter to (1) index.php and (2) modules.php. • https://www.exploit-db.com/exploits/21233 http://www.securityfaq.com/unixfocus/5OP041P6BE.html http://www.securityfocus.com/bid/3906 •

CVSS: 7.5EPSS: 4%CPEs: 13EXPL: 1

index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter. index.php en Francisco Burzi PHP-Nuke 5.3.1 y versiones anteriores permite a atacantes remotos ejecutar código PHP arbitrario especificando una URL al código malicioso en el parámetro fichero ('file'). • https://www.exploit-db.com/exploits/21230 http://marc.info/?l=bugtraq&m=101121913914205&w=2 http://www.kb.cert.org/vuls/id/221683 http://www.securityfocus.com/bid/3889 https://exchange.xforce.ibmcloud.com/vulnerabilities/7914 •

CVSS: 7.5EPSS: 10%CPEs: 1EXPL: 1

admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and specifying the file to copy. • http://archives.neohapsis.com/archives/bugtraq/2001-09/0203.html http://sourceforge.net/forum/forum.php?forum_id=113892 http://www.securityfocus.com/bid/3361 https://exchange.xforce.ibmcloud.com/vulnerabilities/7170 •