CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 2CVE-2008-0461 – PHP-Nuke 8.0 Final - 'sid' SQL Injection
https://notcve.org/view.php?id=CVE-2008-0461
25 Jan 2008 — SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en el fichero index.php del módulo Search de PHP-Nuke 8.0 FINAL y versiones anteriores. Cuando magic_quotes_gpc está deshabilitado, permite que atacantes remoto... • https://www.exploit-db.com/exploits/4965 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2007-6376 – PHP-Nuke 8.0 - 'autohtml.php' Local File Inclusion
https://notcve.org/view.php?id=CVE-2007-6376
15 Dec 2007 — Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filename parameter, a different vector than CVE-2006-4190. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de cruce de directorios en autohtml.php de Francisco Burzi PHP-Nuke 8.0. Permite que atacantes remotos incluyan y ejecuten ficheros local a su ele... • https://www.exploit-db.com/exploits/30881 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 41EXPL: 0CVE-2007-5032
https://notcve.org/view.php?id=CVE-2007-5032
21 Sep 2007 — Cross-site request forgery (CSRF) vulnerability in admin.php in Francisco Burzi PHP-Nuke allows remote attackers to add administrative accounts via an AddAuthor action with modified add_name and add_radminsuper parameters. Falsificación de petición en sitios cruzados (CSRF) en admin.php de Francisco Burzi PHP-Nuke permite a atacantes remotos añadir cuentas administrativas mediante una acción AddAuthor con parámetros add_name y add_radminsuper modificados. • http://osvdb.org/42521 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 66%CPEs: 1EXPL: 3CVE-2007-1061 – PHP-Nuke 8.0 Final - 'INSERT' Blind SQL Injection (MySQL)
https://notcve.org/view.php?id=CVE-2007-1061
22 Feb 2007 — SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" block is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header (HTTP_REFERER variable). Vulnerabilidad de inyección SQL en index.php del Francisco Burzi PHP-Nuke 8.0 Final y versiones anteriores, cuando el bloque de las "Referencias HTTP" está habilitado, permite a atacantes remotos ejecutar comandos SQL de su elección mediante una cabecera HTTP Refere... • https://www.exploit-db.com/exploits/3344 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2007-0372
https://notcve.org/view.php?id=CVE-2007-0372
19 Jan 2007 — Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 allow remote attackers to execute arbitrary SQL commands via (1) the active parameter in admin/modules/modules.php; the (2) ad_class, (3) imageurl, (4) clickurl, (5) ad_code, or (6) position parameter in modules/Advertising/admin/index.php; or unspecified vectors in the (7) advertising, (8) weblinks, or (9) reviews section. Múltiples vulnerabilidades de inyección SQL en Francisco Burzi PHP-Nuke 7.9 permite a atacantes remotos ejecutar co... • http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html •
CVSS: 9.8EPSS: 33%CPEs: 1EXPL: 2CVE-2007-0309 – PHP-Nuke 7.x - 'Block-Old_Articles.php' SQL Injection
https://notcve.org/view.php?id=CVE-2007-0309
18 Jan 2007 — SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter. Vulnerabilidad de inyección SQL en blocks/block-Old_Articles.php en Francisco Burzi PHP-Nuke 7.9 y versiones anteriores, cuando register_globals está activado y magic_quotes_gpc está deshabilitado, permite a atacantes remotos ejecutar comandos SQL de su elec... • https://www.exploit-db.com/exploits/29453 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2006-6234
https://notcve.org/view.php?id=CVE-2006-6234
02 Dec 2006 — Multiple SQL injection vulnerabilities in the Content module in PHP-Nuke 6.0, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in a list_pages_categories action or (2) the pid parameter in a showpage action. Múltiples vulnerabilidades de inyección SQL en el módulo Content en PHP-Nuke 6.0, y posiblemente otras versiones, permite a atacantes remotos ejecutar comandos SQL de su elección a través (1) del parámetro cid en una acción list_pages_catego... • http://securityreason.com/securityalert/1953 •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 1CVE-2006-6200
https://notcve.org/view.php?id=CVE-2006-6200
01 Dec 2006 — Multiple SQL injection vulnerabilities in the (1) rate_article and (2) rate_complete functions in modules/News/index.php in the News module in Francisco Burzi PHP-Nuke 7.9 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the sid parameter. Múltiples vulnerabilidades de inyección SQL en las funciones (1) rate_article y (2) rate_complete en modules/News/index.php en el módulo News en Francisco Burzi PHP-Nuke 7.9 y anteriores, cuando magic_quotes_gpc ... • http://secunia.com/advisories/23128 •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 1CVE-2006-5720 – PHP-Nuke 7.x Journal Module - 'search.php' SQL Injection
https://notcve.org/view.php?id=CVE-2006-5720
04 Nov 2006 — SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter. Vulnerabilidad de inyección SQL en modules/journal/search.php en el módulo Journal en Francisco Burzi PHP-Nuke 7.9 y anteriores, permite a un atacante remoto ejecutar comandos SQL de su elección a través de un parámetro forwhat. • https://www.exploit-db.com/exploits/28885 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2006-1846
https://notcve.org/view.php?id=CVE-2006-1846
19 Apr 2006 — Cross-site scripting (XSS) vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. In addition, it is unclear whether this issue is a vulnerability, since it is related to the user's personal menu, which presumably is not modifiable by others. • http://secunia.com/advisories/18972 •