CVSS: 9.1EPSS: 1%CPEs: 28EXPL: 2CVE-2004-2044 – PHP-Nuke 5.x/6.x/7.x - Direct Script Access Security Bypass
https://notcve.org/view.php?id=CVE-2004-2044
01 Jun 2004 — PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possibly gain access, as demonstrated using an HTTP request that contains the "admin.php" string. • https://www.exploit-db.com/exploits/24166 •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1CVE-2004-1998
https://notcve.org/view.php?id=CVE-2004-1998
05 May 2004 — The Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to gain sensitive information via an invalid show parameter to modules.php, which reveals the full path in a PHP error message. • http://marc.info/?l=bugtraq&m=108378804809891&w=2 •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 2CVE-2004-1999
https://notcve.org/view.php?id=CVE-2004-1999
05 May 2004 — Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to inject arbitrary HTML and web script via the (1) ttitle or (2) sid parameters to modules.php. • http://marc.info/?l=bugtraq&m=108378804809891&w=2 •
CVSS: 9.8EPSS: 2%CPEs: 14EXPL: 2CVE-2004-2000 – PHP-Nuke Downloads Module - 'sid' SQL Injection
https://notcve.org/view.php?id=CVE-2004-2000
05 May 2004 — SQL injection vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL via the (1) orderby or (2) sid parameters to modules.php. • https://www.exploit-db.com/exploits/31283 •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 2CVE-2004-1984
https://notcve.org/view.php?id=CVE-2004-1984
02 May 2004 — Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) phpinfo.php, (2) addpic.php, (3) config.php, (4) db_input.php, (5) displayecard.php, (6) ecard.php, (7) crop.inc.php, which reveal the full path in a PHP error message. • http://marc.info/?l=bugtraq&m=108360247732014&w=2 •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 2CVE-2004-1985 – Coppermine Photo Gallery 1.2.2b - 'menu.inc.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-1985
30 Apr 2004 — Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to inject arbitrary HTML or web script via the CPG_URL parameter. • https://www.exploit-db.com/exploits/24072 •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 3CVE-2004-1987
https://notcve.org/view.php?id=CVE-2004-1987
30 Apr 2004 — picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to execute arbitrary commands via shell metacharacters in the (1) $CONFIG['impath'] or (2) $CONFIG['jpeg_qual'] parameters. • http://marc.info/?l=bugtraq&m=108360247732014&w=2 •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 4CVE-2004-1988 – Coppermine Photo Gallery 1.2.0 RC4 - 'init.inc.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2004-1988
30 Apr 2004 — PHP remote file inclusion vulnerability in init.inc.php in Coppermine Photo Gallery 1.2.0 RC4 allows remote attackers to execute arbitrary PHP code by modifying the CPG_M_DIR to reference a URL on a remote web server that contains functions.inc.php. • https://www.exploit-db.com/exploits/24074 •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 4CVE-2004-1989 – Coppermine Photo Gallery 1.2.2b - 'theme.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2004-1989
30 Apr 2004 — PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_box.inc. • https://www.exploit-db.com/exploits/24075 •
CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 4CVE-2004-1929 – PHP-Nuke 6.x/7.x - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2004-1929
13 Apr 2004 — SQL injection vulnerability in the bblogin function in functions.php in PHP-Nuke 6.x through 7.2 allows remote attackers to bypass authentication and gain access by injecting base64-encoded SQL code into the user parameter. • https://www.exploit-db.com/exploits/23998 •