CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 3CVE-2004-1930 – PHP-Nuke 6.x/7.x - CookieDecode Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-1930
12 Apr 2004 — Cross-site scripting (XSS) vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie. • https://www.exploit-db.com/exploits/23990 •
CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 2CVE-2004-1932 – PHP-Nuke - SQL Injection Edit/Save Messages
https://notcve.org/view.php?id=CVE-2004-1932
12 Apr 2004 — SQL injection vulnerability in (1) auth.php and (2) admin.php in PHP-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL code and create an administrator account via base64-encoded SQL in the admin parameter. • https://www.exploit-db.com/exploits/465 •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 4CVE-2004-1986 – Coppermine Photo Gallery 1.2.0 RC4 - 'startdir' Traversal Arbitrary File Access
https://notcve.org/view.php?id=CVE-2004-1986
04 Apr 2004 — Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the startdir parameter. • https://www.exploit-db.com/exploits/24073 •