CVSS: 7.5EPSS: 6%CPEs: 10EXPL: 1CVE-2006-5720 – PHP-Nuke 7.x Journal Module - 'search.php' SQL Injection
https://notcve.org/view.php?id=CVE-2006-5720
SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter. Vulnerabilidad de inyección SQL en modules/journal/search.php en el módulo Journal en Francisco Burzi PHP-Nuke 7.9 y anteriores, permite a un atacante remoto ejecutar comandos SQL de su elección a través de un parámetro forwhat. • https://www.exploit-db.com/exploits/28885 http://secunia.com/advisories/22617 http://securityreason.com/securityalert/1812 http://www.neosecurityteam.net/index.php?action=advisories&id=29 http://www.securityfocus.com/archive/1/450183/100/0/threaded http://www.securityfocus.com/bid/20829 http://www.vupen.com/english/advisories/2006/4295 https://exchange.xforce.ibmcloud.com/vulnerabilities/29940 •
CVSS: 5.1EPSS: 4%CPEs: 10EXPL: 2CVE-2006-5525 – PHP-Nuke 7.9 - 'Encyclopedia' SQL Injection
https://notcve.org/view.php?id=CVE-2006-5525
Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via (1) "/**/UNION " or (2) " UNION/**/" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a search action in the Encyclopedia module in modules.php. Vulnerabilidad de lista negra incompleta en mainfile.php en PHP-Nuke 7.9 y anteriores permite a un atacante remoto llevar a cabo un ataque de inyección SQL a través de las secuencias (1) "/**/UNION " o (2) " UNION/**/", lo cual no es aceptado por los mecanismos de protección, como se demostró por la inyección SQL a través del parámetro eid en una acción de búsqueda en el módulo Encyclopedia en modules.php. • https://www.exploit-db.com/exploits/2617 http://secunia.com/advisories/22511 http://www.neosecurityteam.net/index.php?action=advisories&id=27 http://www.securityfocus.com/bid/20674 http://www.vupen.com/english/advisories/2006/4149 https://exchange.xforce.ibmcloud.com/vulnerabilities/29705 •
CVSS: 7.5EPSS: 11%CPEs: 1EXPL: 2CVE-2006-5494 – pandaBB - 'displayCategory' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-5494
Multiple PHP remote file inclusion vulnerabilities in modules/My_eGallery/public/displayCategory.php in the pandaBB module for PHP-Nuke allow remote attackers to execute arbitrary PHP code via a URL in the (1) adminpath or (2) basepath parameters. NOTE: this issue might overlap CVE-2006-6795. Múltiples vulnerabilidades de inclusión remota de archivos de PHP en modules/My_eGallery/public/displayCategory.php en el módulo pandaBB para PHP-Nuke permite a atacantes remotos ejecutar código PHP de su elección a través de una URL en los parámetros (1) adminpath o (2) basepath. • https://www.exploit-db.com/exploits/2599 http://secunia.com/advisories/22505 http://www.osvdb.org/29892 http://www.securityfocus.com/bid/20633 http://www.vupen.com/english/advisories/2006/4121 https://exchange.xforce.ibmcloud.com/vulnerabilities/29694 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2006-1846
https://notcve.org/view.php?id=CVE-2006-1846
Cross-site scripting (XSS) vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. In addition, it is unclear whether this issue is a vulnerability, since it is related to the user's personal menu, which presumably is not modifiable by others. • http://secunia.com/advisories/18972 http://www.osvdb.org/23431 http://www.securityfocus.com/bid/16774 http://www.vupen.com/english/advisories/2006/0687 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-1847
https://notcve.org/view.php?id=CVE-2006-1847
SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to execute arbitrary SQL commands via the user_id parameter in the Your_Home functionality. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://secunia.com/advisories/18972 http://www.osvdb.org/23432 http://www.securityfocus.com/bid/16774 http://www.vupen.com/english/advisories/2006/0687 https://exchange.xforce.ibmcloud.com/vulnerabilities/44730 •