CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 3CVE-2004-1987
https://notcve.org/view.php?id=CVE-2004-1987
30 Apr 2004 — picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to execute arbitrary commands via shell metacharacters in the (1) $CONFIG['impath'] or (2) $CONFIG['jpeg_qual'] parameters. • http://marc.info/?l=bugtraq&m=108360247732014&w=2 •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 4CVE-2004-1988 – Coppermine Photo Gallery 1.2.0 RC4 - 'init.inc.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2004-1988
30 Apr 2004 — PHP remote file inclusion vulnerability in init.inc.php in Coppermine Photo Gallery 1.2.0 RC4 allows remote attackers to execute arbitrary PHP code by modifying the CPG_M_DIR to reference a URL on a remote web server that contains functions.inc.php. • https://www.exploit-db.com/exploits/24074 •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 4CVE-2004-1989 – Coppermine Photo Gallery 1.2.2b - 'theme.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2004-1989
30 Apr 2004 — PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_box.inc. • https://www.exploit-db.com/exploits/24075 •
CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 4CVE-2004-1929 – PHP-Nuke 6.x/7.x - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2004-1929
13 Apr 2004 — SQL injection vulnerability in the bblogin function in functions.php in PHP-Nuke 6.x through 7.2 allows remote attackers to bypass authentication and gain access by injecting base64-encoded SQL code into the user parameter. • https://www.exploit-db.com/exploits/23998 •
CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 3CVE-2004-1930 – PHP-Nuke 6.x/7.x - CookieDecode Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-1930
12 Apr 2004 — Cross-site scripting (XSS) vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie. • https://www.exploit-db.com/exploits/23990 •
CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 2CVE-2004-1932 – PHP-Nuke - SQL Injection Edit/Save Messages
https://notcve.org/view.php?id=CVE-2004-1932
12 Apr 2004 — SQL injection vulnerability in (1) auth.php and (2) admin.php in PHP-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL code and create an administrator account via base64-encoded SQL in the admin parameter. • https://www.exploit-db.com/exploits/465 •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 4CVE-2004-1986 – Coppermine Photo Gallery 1.2.0 RC4 - 'startdir' Traversal Arbitrary File Access
https://notcve.org/view.php?id=CVE-2004-1986
04 Apr 2004 — Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the startdir parameter. • https://www.exploit-db.com/exploits/24073 •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2004-1839
https://notcve.org/view.php?id=CVE-2004-1839
22 Mar 2004 — MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message. • http://marc.info/?l=bugtraq&m=108006319730976&w=2 •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 1CVE-2004-1840
https://notcve.org/view.php?id=CVE-2004-1840
22 Mar 2004 — Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) screen parameter to modules.php, (2) module_name parameter to title.php, (3) sortby parameter to modules.php, or (4) overview parameter to modules.php. • http://marc.info/?l=bugtraq&m=108006319730976&w=2 •
CVSS: 6.8EPSS: 8%CPEs: 13EXPL: 3CVE-2004-0265 – PHP-Nuke 6.x/7.x 'Reviews' Module - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-0265
18 Mar 2004 — Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other users via URL-encoded (1) title or (2) fname parameters in the News or Reviews modules. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en modules.php de Php-Nuke 6.x- 7.1.0 permite a atacantes remotos ejecutar scripts de su elección como otros usuarios mediante parámetros (1) título o (2) fname codifacidos en URL en los módulos News o Reviews. • https://www.exploit-db.com/exploits/23669 •