CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 2CVE-2006-4190 – PHP-Nuke 2.0 AutoHTML Module - Local File Inclusion
https://notcve.org/view.php?id=CVE-2006-4190
Directory traversal vulnerability in autohtml.php in the AutoHTML module for PHP-Nuke allows local users to include arbitrary files via a .. (dot dot) in the name parameter for a modload operation. Vulnerabilidad de escalado de directorio en autohtml.php en el módulo AutoHTML para PHP-Nuke permite a usuarios locales incluir archivos de su elección mediante un .. (punto punto) en el parámetro name de una operación modload. • https://www.exploit-db.com/exploits/28388 http://securityreason.com/securityalert/1398 http://www.lezr.com/vb/showthread.php?p=104324 http://www.securityfocus.com/archive/1/443289/100/0/threaded http://www.securityfocus.com/bid/19525 https://exchange.xforce.ibmcloud.com/vulnerabilities/28388 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2006-3948 – PHP-Nuke - 'INP modules.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-3948
Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke INP allows remote attackers to inject arbitrary web script or HTML via the query parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en modules.php en PHP-Nuke INP permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro query. • https://www.exploit-db.com/exploits/28294 http://securityreason.com/securityalert/1311 http://www.aria-security.net/advisory/inp.txt http://www.securityfocus.com/archive/1/441490/100/0/threaded http://www.securityfocus.com/bid/19208 https://exchange.xforce.ibmcloud.com/vulnerabilities/28062 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2006-3598
https://notcve.org/view.php?id=CVE-2006-3598
SQL injection vulnerability in the Sections module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle op. Vulnerabilidad de inyección SQL en el módulo Sections para PHP-Nuke permite a atacantes remotos ejecutar comandos sql de su elección mediante el parámetro artid en una operación viewarticle. • http://www.securityfocus.com/archive/1/438596/100/200/threaded http://www.securityfocus.com/bid/27879 https://exchange.xforce.ibmcloud.com/vulnerabilities/27501 https://www.exploit-db.com/exploits/5154 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-3599
https://notcve.org/view.php?id=CVE-2006-3599
SQL injection vulnerability in the Nuke Advanced Classifieds module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_ads parameter in an EditAds op. Vulnerabilidad de inyección SQL en el módulo Nuke Advanced Classifieds para PHP-Nuke permite a atacantes remotos ejecutar comandos SQL de su eleccióna través del parámetro id_ads en un opEditAds. • http://www.securityfocus.com/archive/1/438817/100/100/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/27501 •
CVSS: 6.4EPSS: 4%CPEs: 1EXPL: 1CVE-2006-2828 – PHP-Nuke 7.9 Final - 'phpbb_root_path' Remote File Inclusions
https://notcve.org/view.php?id=CVE-2006-2828
Global variable overwrite vulnerability in PHP-Nuke allows remote attackers to conduct remote PHP file inclusion attacks via a modified phpbb_root_path parameter to the admin scripts (1) index.php, (2) admin_ug_auth.php, (3) admin_board.php, (4) admin_disallow.php, (5) admin_forumauth.php, (6) admin_groups.php, (7) admin_ranks.php, (8) admin_styles.php, (9) admin_user_ban.php, (10) admin_words.php, (11) admin_avatar.php, (12) admin_db_utilities.php, (13) admin_forum_prune.php, (14) admin_forums.php, (15) admin_mass_email.php, (16) admin_smilies.php, (17) admin_ug_auth.php, and (18) admin_users.php, which overwrites $phpbb_root_path when the import_request_variables function is executed after $phpbb_root_path has been initialized to a static value. • https://www.exploit-db.com/exploits/1866 http://securityreason.com/securityalert/1040 http://www.securityfocus.com/archive/1/435407/100/0/threaded http://www.securityfocus.com/archive/1/435611/100/0/threaded http://www.securityfocus.com/archive/1/435705/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/27368 •