Page 7 of 92 results (0.010 seconds)

CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 2

SQL injection vulnerability in the Top module for PHP-Nuke 6.x through 7.6 allows remote attackers to execute arbitrary SQL commands via the querylang parameter. • https://www.exploit-db.com/exploits/921 http://marc.info/?l=bugtraq&m=111281649616901&w=2 http://www.waraxe.us/advisory-41.html •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the email or url parameters in the Add function, (2) the min parameter in the viewsdownload function, or (3) the min parameter in the search function. • http://marc.info/?l=bugtraq&m=111289685724764&w=2 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 5

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the bid parameter to the EmailStats op in banners.pgp, (2) the ratenum parameter in the TopRated and MostPopular actions in the Web_Links module, (3) the ttitle parameter in the viewlinkdetails, viewlinkeditorial, viewlinkcomments, and ratelink actions in the Web_Links module, or (4) the username parameter in the Your_Account module. • https://www.exploit-db.com/exploits/25339 https://www.exploit-db.com/exploits/25340 https://www.exploit-db.com/exploits/25343 https://www.exploit-db.com/exploits/25342 http://archives.neohapsis.com/archives/bugtraq/2005-04/0037.html http://marc.info/?l=bugtraq&m=111263454308478&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/19952 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

The Web_Links module for PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via an invalid show parameter, which triggers a division by zero PHP error that leaks the full pathname of the server. • http://marc.info/?l=bugtraq&m=111289685724764&w=2 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the email or url parameters in the Add function, (2) the url parameter in the modifylinkrequestS function, (3) the orderby or min parameters in the viewlink function, (4) the orderby, min, or show parameters in the search function, or (5) the ratenum parameter in the MostPopular function. • https://www.exploit-db.com/exploits/25360 http://marc.info/?l=bugtraq&m=111289685724764&w=2 •