
CVSS: 9.8 • EPSS: 0% • CPEs: 26 • EXPL: 2

21 Jun 2011 — SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter. • http://www.openwall.com/lists/oss-security/2011/03/23/7 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 26 • EXPL: 2

21 Jun 2011 — Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sender_name or (2) sender_email parameter in a Feedback action to modules.php. • http://www.openwall.com/lists/oss-security/2011/03/23/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 26 • EXPL: 2

21 Jun 2011 — Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a Referer check that uses a substring comparison. • http://www.openwall.com/lists/oss-security/2011/03/23/9 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.8 • EPSS: 0% • CPEs: 25 • EXPL: 1

20 Apr 2009 — SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php. • http://marc.info/?l=bugtraq&m=123073887531700&w=2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 9 • EXPL: 0

30 Apr 2008 — The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack usi... • http://securityreason.com/securityalert/3834 • CWE-330: Use of Insufficiently Random Values

CVSS: 9.8 • EPSS: 4% • CPEs: 1 • EXPL: 2

25 Jan 2008 — SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. NOTE: some of these details are obtained from third party information. • https://www.exploit-db.com/exploits/4965 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 41 • EXPL: 0

21 Sep 2007 — Cross-site request forgery (CSRF) vulnerability in admin.php in Francisco Burzi PHP-Nuke allows remote attackers to add administrative accounts via an AddAuthor action with modified add_name and add_radminsuper parameters. • http://osvdb.org/42521 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.1 • EPSS: 0% • CPEs: 11 • EXPL: 0

08 Aug 2007 — Multiple cross-site scripting (XSS) vulnerabilities in the Search Module in PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via a trailing "<" instead of a ">" in (1) the onerror attribute of an IMG element, (2) the onload attribute of an IFRAME element, or (3) redirect users to other sites via the META tag. • http://osvdb.org/42538

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 2

20 Mar 2007 — Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-2006-3948. • http://phpfi.com/214668 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 13 • EXPL: 3

20 Mar 2007 — The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTP_REFERER, which allows remote attackers to conduct CSRF attacks. • http://osvdb.org/34501 • CWE-352: Cross-Site Request Forgery (CSRF)