Page 5 of 26 results (0.006 seconds)

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 2

Directory traversal vulnerability in autohtml.php in the AutoHTML module for PHP-Nuke allows local users to include arbitrary files via a .. (dot dot) in the name parameter for a modload operation. Vulnerabilidad de escalado de directorio en autohtml.php en el módulo AutoHTML para PHP-Nuke permite a usuarios locales incluir archivos de su elección mediante un .. (punto punto) en el parámetro name de una operación modload. • https://www.exploit-db.com/exploits/28388 http://securityreason.com/securityalert/1398 http://www.lezr.com/vb/showthread.php?p=104324 http://www.securityfocus.com/archive/1/443289/100/0/threaded http://www.securityfocus.com/bid/19525 https://exchange.xforce.ibmcloud.com/vulnerabilities/28388 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2

Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke INP allows remote attackers to inject arbitrary web script or HTML via the query parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en modules.php en PHP-Nuke INP permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro query. • https://www.exploit-db.com/exploits/28294 http://securityreason.com/securityalert/1311 http://www.aria-security.net/advisory/inp.txt http://www.securityfocus.com/archive/1/441490/100/0/threaded http://www.securityfocus.com/bid/19208 https://exchange.xforce.ibmcloud.com/vulnerabilities/28062 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

SQL injection vulnerability in the Sections module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle op. Vulnerabilidad de inyección SQL en el módulo Sections para PHP-Nuke permite a atacantes remotos ejecutar comandos sql de su elección mediante el parámetro artid en una operación viewarticle. • http://www.securityfocus.com/archive/1/438596/100/200/threaded http://www.securityfocus.com/bid/27879 https://exchange.xforce.ibmcloud.com/vulnerabilities/27501 https://www.exploit-db.com/exploits/5154 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in the Nuke Advanced Classifieds module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_ads parameter in an EditAds op. Vulnerabilidad de inyección SQL en el módulo Nuke Advanced Classifieds para PHP-Nuke permite a atacantes remotos ejecutar comandos SQL de su eleccióna través del parámetro id_ads en un opEditAds. • http://www.securityfocus.com/archive/1/438817/100/100/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/27501 •

CVSS: 6.4EPSS: 4%CPEs: 1EXPL: 1

Global variable overwrite vulnerability in PHP-Nuke allows remote attackers to conduct remote PHP file inclusion attacks via a modified phpbb_root_path parameter to the admin scripts (1) index.php, (2) admin_ug_auth.php, (3) admin_board.php, (4) admin_disallow.php, (5) admin_forumauth.php, (6) admin_groups.php, (7) admin_ranks.php, (8) admin_styles.php, (9) admin_user_ban.php, (10) admin_words.php, (11) admin_avatar.php, (12) admin_db_utilities.php, (13) admin_forum_prune.php, (14) admin_forums.php, (15) admin_mass_email.php, (16) admin_smilies.php, (17) admin_ug_auth.php, and (18) admin_users.php, which overwrites $phpbb_root_path when the import_request_variables function is executed after $phpbb_root_path has been initialized to a static value. • https://www.exploit-db.com/exploits/1866 http://securityreason.com/securityalert/1040 http://www.securityfocus.com/archive/1/435407/100/0/threaded http://www.securityfocus.com/archive/1/435611/100/0/threaded http://www.securityfocus.com/archive/1/435705/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/27368 •