Page 9 of 53 results (0.003 seconds)

CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 2

SQL injection vulnerability in (1) auth.php and (2) admin.php in PHP-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL code and create an administrator account via base64-encoded SQL in the admin parameter. • https://www.exploit-db.com/exploits/465 http://marc.info/?l=bugtraq&m=108180334918576&w=2 http://www.waraxe.us/index.php?modname=sa&id=18 https://exchange.xforce.ibmcloud.com/vulnerabilities/15835 •

CVSS: 5.0EPSS: 0%CPEs: 13EXPL: 2

SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter. Vulnerabilidad de inyección de SQL en la capacidad "mensaje público" (public_message) de php-nuke 6.x a 7.1.0 permite a atacantes remotos obtener la contraseña de administrador mediante el parámetro cmid. • https://www.exploit-db.com/exploits/23670 http://marc.info/?l=bugtraq&m=107635110327066&w=2 http://www.securityfocus.com/bid/9615 https://exchange.xforce.ibmcloud.com/vulnerabilities/15080 •

CVSS: 6.4EPSS: 0%CPEs: 26EXPL: 3

SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module. Vulnerabilidad de inyección de SQL en PHP-Nuke 6.9 y anteriores, y posiblemente 6.x, permite a atacantes remotos inyectar código SQL de su elección y obtener información sensible mediante (1) la variable category en el módulo Search. o (2) la variable admin en el módulo Web_Links. • https://www.exploit-db.com/exploits/22589 https://www.exploit-db.com/exploits/23680 http://marc.info/?l=bugtraq&m=107643348117646&w=2 http://www.scan-associates.net/papers/phpnuke69.txt http://www.securityfocus.com/bid/9630 https://exchange.xforce.ibmcloud.com/vulnerabilities/15115 •

CVSS: 6.8EPSS: 1%CPEs: 13EXPL: 3

Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other users via URL-encoded (1) title or (2) fname parameters in the News or Reviews modules. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en modules.php de Php-Nuke 6.x- 7.1.0 permite a atacantes remotos ejecutar scripts de su elección como otros usuarios mediante parámetros (1) título o (2) fname codifacidos en URL en los módulos News o Reviews. • https://www.exploit-db.com/exploits/23669 http://marc.info/?l=bugtraq&m=107634727520936&w=2 http://www.securityfocus.com/bid/9605 http://www.securityfocus.com/bid/9613 https://exchange.xforce.ibmcloud.com/vulnerabilities/15076 •

CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 1

error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid (1) language, (2) newlang, or (3) lang parameter, which leaks the pathname in a PHP error message. • https://www.exploit-db.com/exploits/23844 http://marc.info/?l=bugtraq&m=107963064317560&w=2 http://secunia.com/advisories/11164 http://www.osvdb.org/4386 http://www.securityfocus.com/bid/9911 https://exchange.xforce.ibmcloud.com/vulnerabilities/15524 •