CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 2CVE-2004-1932 – PHP-Nuke - SQL Injection Edit/Save Messages
https://notcve.org/view.php?id=CVE-2004-1932
12 Apr 2004 — SQL injection vulnerability in (1) auth.php and (2) admin.php in PHP-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL code and create an administrator account via base64-encoded SQL in the admin parameter. • https://www.exploit-db.com/exploits/465 •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2004-1839
https://notcve.org/view.php?id=CVE-2004-1839
22 Mar 2004 — MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message. • http://marc.info/?l=bugtraq&m=108006319730976&w=2 •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 1CVE-2004-1840
https://notcve.org/view.php?id=CVE-2004-1840
22 Mar 2004 — Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) screen parameter to modules.php, (2) module_name parameter to title.php, (3) sortby parameter to modules.php, or (4) overview parameter to modules.php. • http://marc.info/?l=bugtraq&m=108006319730976&w=2 •
CVSS: 6.8EPSS: 8%CPEs: 13EXPL: 3CVE-2004-0265 – PHP-Nuke 6.x/7.x 'Reviews' Module - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-0265
18 Mar 2004 — Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other users via URL-encoded (1) title or (2) fname parameters in the News or Reviews modules. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en modules.php de Php-Nuke 6.x- 7.1.0 permite a atacantes remotos ejecutar scripts de su elección como otros usuarios mediante parámetros (1) título o (2) fname codifacidos en URL en los módulos News o Reviews. • https://www.exploit-db.com/exploits/23669 •
CVSS: 9.8EPSS: 0%CPEs: 13EXPL: 2CVE-2004-0266 – PHP-Nuke 6.x/7.x - Public Message SQL Injection
https://notcve.org/view.php?id=CVE-2004-0266
18 Mar 2004 — SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter. Vulnerabilidad de inyección de SQL en la capacidad "mensaje público" (public_message) de php-nuke 6.x a 7.1.0 permite a atacantes remotos obtener la contraseña de administrador mediante el parámetro cmid. • https://www.exploit-db.com/exploits/23670 •
CVSS: 9.8EPSS: 0%CPEs: 26EXPL: 3CVE-2004-0269 – PHP-Nuke 5.x/6.x Web_Links Module - SQL Injection
https://notcve.org/view.php?id=CVE-2004-0269
18 Mar 2004 — SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module. Vulnerabilidad de inyección de SQL en PHP-Nuke 6.9 y anteriores, y posiblemente 6.x, permite a atacantes remotos inyectar código SQL de su elección y obtener información sensible mediante (1) la variable category en el módulo Search. o (2) la variable... • https://www.exploit-db.com/exploits/22589 •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 3CVE-2003-1210 – PHP-Nuke 6.5 (Multiple Downloads Module) - SQL Injection
https://notcve.org/view.php?id=CVE-2003-1210
31 Dec 2003 — Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function. • https://www.exploit-db.com/exploits/22597 •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2CVE-2003-1340
https://notcve.org/view.php?id=CVE-2003-1340
31 Dec 2003 — Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279. • http://securityreason.com/securityalert/3185 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 3CVE-2003-1468 – PHP-Nuke 6.0/6.5 Web_Links Module - Full Path Disclosure
https://notcve.org/view.php?id=CVE-2003-1468
31 Dec 2003 — The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message. • https://www.exploit-db.com/exploits/22598 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2003-1547
https://notcve.org/view.php?id=CVE-2003-1547
31 Dec 2003 — Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter. • http://secunia.com/advisories/8478 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •