CVE-2003-1340
https://notcve.org/view.php?id=CVE-2003-1340
Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279. • http://securityreason.com/securityalert/3185 http://www.securityfocus.com/archive/1/323425 http://www.securityfocus.com/archive/1/480866/100/0/threaded • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2003-0318
https://notcve.org/view.php?id=CVE-2003-0318
Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and earlier allows remote attackers to insert arbitrary web script via the year parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados en el módulo de estadísticas de PHP-Nuke 6.0 y anteriores permite que atacantes remotos inserten script web arbitrario mediante el parámetro year. • http://marc.info/?l=bugtraq&m=105319538308834&w=2 •
CVE-2003-0279
https://notcve.org/view.php?id=CVE-2003-0279
Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php. Múltiples vulnerabilidades de inyección SQL en el módulo Web_Links para PHP-Nuke 5.x hasta 6.5 permite que atacantes remotos roben información mediante campos numéricos, como se ha demostrado usando (1) la función viewlink y el parámetro cid, o (2) index.php. • http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.html http://marc.info/?l=bugtraq&m=105276019312980&w=2 http://www.securityfocus.com/bid/7558 http://www.securityfocus.com/bid/7588 https://exchange.xforce.ibmcloud.com/vulnerabilities/11984 •
CVE-2002-2032 – PHP-Nuke 4.x/5.x - SQL_Debug Information Disclosure
https://notcve.org/view.php?id=CVE-2002-2032
sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query information by setting the sql_debug parameter to (1) index.php and (2) modules.php. • https://www.exploit-db.com/exploits/21233 http://www.securityfaq.com/unixfocus/5OP041P6BE.html http://www.securityfocus.com/bid/3906 •
CVE-2002-1242 – PHP-Nuke 5.6 - 'modules.php' SQL Injection
https://notcve.org/view.php?id=CVE-2002-1242
SQL injection vulnerability in PHP-Nuke before 6.0 allows remote authenticated users to modify the database and gain privileges via the "bio" argument to modules.php. Vulnerabilidad de inyección de SQL en PHP-Nuke anterior a 6.0 permite a usuarios autenticados remotamente modificar la base de datos y ganar privilegios mediante un argumento "bio" en modules.php • https://www.exploit-db.com/exploits/21977 http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0051.html http://marc.info/?l=bugtraq&m=103616324103171&w=2 http://www.idefense.com/advisory/10.31.02c.txt http://www.iss.net/security_center/static/10516.php http://www.osvdb.org/6244 http://www.securityfocus.com/bid/6088 •