
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 might allow remote attackers to execute arbitrary SQL commands via the user_id parameter in the Your_Home functionality. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

• http://secunia.com/advisories/18972
• http://www.osvdb.org/23432
• http://www.securityfocus.com/bid/16774
• http://www.vupen.com/english/advisories/2006/0687
• https://exchange.xforce.ibmcloud.com/vulnerabilities/44730

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL injection protection mechanisms via /%2a (/*) sequences with the "ad_click" word in the query string, as demonstrated via the kala parameter.

• http://securityreason.com/securityalert/497
• http://www.securityfocus.com/archive/1/426083/100/0/threaded
• http://www.waraxe.us/advisory-47.html

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows remote attackers to execute arbitrary SQL commands via encoded /%2a (/*) sequences in the query string, which bypasses regular expressions that are intended to protect against SQL injection, as demonstrated via the kala parameter.

• http://www.securityfocus.com/archive/1/426083/100/0/threaded
• http://www.waraxe.us/advisory-47.html

CVSS: 7.5 | EPSS: 2% | CPEs: 21 | EXPL: 3

The CAPTCHA functionality in PHP-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying that pair in the random_num and gfx_check parameters.

• https://www.exploit-db.com/exploits/27249
• http://secunia.com/advisories/18936
• http://securityreason.com/securityalert/455
• http://www.securityfocus.com/archive/1/425394/100/0/threaded
• http://www.securityfocus.com/bid/16722
• http://www.waraxe.us/advisory-45.html

CVSS: 4.3 | EPSS: 0% | CPEs: 18 | EXPL: 3

Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 to 7.8 allows remote attackers to inject arbitrary web script or HTML via the pagetitle parameter.

• https://www.exploit-db.com/exploits/27208
• http://secunia.com/advisories/18820
• http://securityreason.com/securityalert/425
• http://www.securityfocus.com/archive/1/424956/100/0/threaded
• http://www.securityfocus.com/bid/16608
• http://www.vupen.com/english/advisories/2006/0542
• http://www.waraxe.us/advisory-44.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/24650