CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 2CVE-2004-1932 – PHP-Nuke - SQL Injection Edit/Save Messages
https://notcve.org/view.php?id=CVE-2004-1932
12 Apr 2004 — SQL injection vulnerability in (1) auth.php and (2) admin.php in PHP-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL code and create an administrator account via base64-encoded SQL in the admin parameter. • https://www.exploit-db.com/exploits/465 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2004-1830 – PHP-Nuke Error Manager Module 2.1 - 'error.php?language' Full Path Disclosure
https://notcve.org/view.php?id=CVE-2004-1830
18 Mar 2004 — error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid (1) language, (2) newlang, or (3) lang parameter, which leaks the pathname in a PHP error message. • https://www.exploit-db.com/exploits/23844 •
CVSS: 6.8EPSS: 8%CPEs: 13EXPL: 3CVE-2004-0265 – PHP-Nuke 6.x/7.x 'Reviews' Module - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-0265
18 Mar 2004 — Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other users via URL-encoded (1) title or (2) fname parameters in the News or Reviews modules. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en modules.php de Php-Nuke 6.x- 7.1.0 permite a atacantes remotos ejecutar scripts de su elección como otros usuarios mediante parámetros (1) título o (2) fname codifacidos en URL en los módulos News o Reviews. • https://www.exploit-db.com/exploits/23669 •
CVSS: 9.8EPSS: 0%CPEs: 13EXPL: 2CVE-2004-0266 – PHP-Nuke 6.x/7.x - Public Message SQL Injection
https://notcve.org/view.php?id=CVE-2004-0266
18 Mar 2004 — SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter. Vulnerabilidad de inyección de SQL en la capacidad "mensaje público" (public_message) de php-nuke 6.x a 7.1.0 permite a atacantes remotos obtener la contraseña de administrador mediante el parámetro cmid. • https://www.exploit-db.com/exploits/23670 •
CVSS: 9.8EPSS: 0%CPEs: 26EXPL: 3CVE-2004-0269 – PHP-Nuke 5.x/6.x Web_Links Module - SQL Injection
https://notcve.org/view.php?id=CVE-2004-0269
18 Mar 2004 — SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module. Vulnerabilidad de inyección de SQL en PHP-Nuke 6.9 y anteriores, y posiblemente 6.x, permite a atacantes remotos inyectar código SQL de su elección y obtener información sensible mediante (1) la variable category en el módulo Search. o (2) la variable... • https://www.exploit-db.com/exploits/22589 •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 3CVE-2003-1210 – PHP-Nuke 6.5 (Multiple Downloads Module) - SQL Injection
https://notcve.org/view.php?id=CVE-2003-1210
31 Dec 2003 — Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function. • https://www.exploit-db.com/exploits/22597 •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2CVE-2003-1340
https://notcve.org/view.php?id=CVE-2003-1340
31 Dec 2003 — Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279. • http://securityreason.com/securityalert/3185 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 3CVE-2003-1400 – PHP-Nuke 5.x/6.0 - Avatar HTML Injection
https://notcve.org/view.php?id=CVE-2003-1400
31 Dec 2003 — Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter. • https://www.exploit-db.com/exploits/22211 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2003-1435 – PHP-Nuke 5.6/6.0 - Search Engine SQL Injection
https://notcve.org/view.php?id=CVE-2003-1435
31 Dec 2003 — SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module. • https://www.exploit-db.com/exploits/22266 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 3CVE-2003-1468 – PHP-Nuke 6.0/6.5 Web_Links Module - Full Path Disclosure
https://notcve.org/view.php?id=CVE-2003-1468
31 Dec 2003 — The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message. • https://www.exploit-db.com/exploits/22598 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •