Page 5 of 53 results (0.004 seconds)

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message. PHP-Nuke 6.x hasta la versión 7.6 permite a atacantes remotos obtener información sensible a través de una petición directa a (1) index.php con el parámetro forum_admin establecido, (2) el módulo Surveys o (3) el módulo Your_Account, lo que revela la ruta en un mensaje de error PHP. • http://marc.info/?l=bugtraq&m=111272010303144&w=2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in the Your_Account module, (2) avatarcategory parameter in the Your_Account module, or (3) lid parameter in the Downloads module. • https://www.exploit-db.com/exploits/25341 http://marc.info/?l=bugtraq&m=111272010303144&w=2 http://www.securityfocus.com/archive/1/321324 http://www.securityfocus.com/bid/7570 https://exchange.xforce.ibmcloud.com/vulnerabilities/11994 •

CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 2

SQL injection vulnerability in the Top module for PHP-Nuke 6.x through 7.6 allows remote attackers to execute arbitrary SQL commands via the querylang parameter. • https://www.exploit-db.com/exploits/921 http://marc.info/?l=bugtraq&m=111281649616901&w=2 http://www.waraxe.us/advisory-41.html •

CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 allow remote attackers to inject arbitrary HTML or web script via (1) the newdownloadshowdays parameter in a NewDownloads operation or (2) the newlinkshowdays parameter in a NewLinks operation. • http://www.securityfocus.com/bid/12561 http://www.waraxe.us/advisory-40.html https://exchange.xforce.ibmcloud.com/vulnerabilities/19346 •

CVSS: 5.0EPSS: 0%CPEs: 16EXPL: 1

Php-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or missing arguments to (1) db.php, (2) mainfile.php, (3) Downloads/index.php, or (4) Web_Links/index.php, which lists the path in a PHP error message. • http://www.securityfocus.com/bid/12561 http://www.waraxe.us/advisory-40.html https://exchange.xforce.ibmcloud.com/vulnerabilities/19344 •