CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2008-4092 – myPHPNuke < 1.8.8_8rc2 - 'artid' SQL Injection
https://notcve.org/view.php?id=CVE-2008-4092
SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the artid parameter. Vulnerabilidad de inyección SQL en printfeature.php de myPHPNuke (MPN) versiones anteriores a 1.8.8_8rc2 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro artid. • https://www.exploit-db.com/exploits/6347 http://securityreason.com/securityalert/4261 http://websecurity.com.ua/2398 http://www.securityfocus.com/bid/30959 http://www.vupen.com/english/advisories/2008/2469 https://exchange.xforce.ibmcloud.com/vulnerabilities/44798 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2008-4089 – myPHPNuke < 1.8.8_8rc2 - Cross-Site Scripting / SQL Injection
https://notcve.org/view.php?id=CVE-2008-4089
Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados en print.php de myPHPNuke (MPN) versiones anteriores a 1.8.8_8rc2 permite a atacantes remotos inyectar web script o HTML a través del parámetro sid. • https://www.exploit-db.com/exploits/6338 http://www.securityfocus.com/bid/30942 http://www.securityfocus.com/bid/31112 http://www.securityfocus.com/bid/31114 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2008-4088 – myPHPNuke < 1.8.8_8rc2 - Cross-Site Scripting / SQL Injection
https://notcve.org/view.php?id=CVE-2008-4088
SQL injection vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter. Vulnerabilidad de inyección SQL en print.php de myPHPNuke (MPN) versiones anteriores a 1.8.8_8rc2 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro sid. • https://www.exploit-db.com/exploits/6338 http://securityreason.com/securityalert/4255 http://www.securityfocus.com/bid/30942 http://www.securityfocus.com/bid/31112 http://www.securityfocus.com/bid/31114 https://exchange.xforce.ibmcloud.com/vulnerabilities/45084 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 3CVE-2006-6795 – myPHPNuke Module My_eGallery 2.5.6 - 'basepath' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-6795
PHP remote file inclusion vulnerability in gallery/displayCategory.php in the My_eGallery 2.5.6 module in myPHPNuke (MPN) allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter. Vulnerabilidad de inclusión remota de archivo en PHP en galery/displayCategory.php del módulo My_eGallery 2.5.6 en myPHPNuke (MPN) permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro basepath. • https://www.exploit-db.com/exploits/3010 http://cyber-security.org/DataDetayAll.asp?Data_id=586 http://www.securityfocus.com/bid/21744 https://exchange.xforce.ibmcloud.com/vulnerabilities/31136 •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 3CVE-2006-0923 – myPHPNuke 1.8.8 - 'download.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-0923
Multiple cross-site scripting (XSS) vulnerabilities in MyPHPNuke (MPN) 1.88 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the letter parameter in reviews.php and (2) the dcategory parameter in download.php. • https://www.exploit-db.com/exploits/27309 https://www.exploit-db.com/exploits/27308 http://secunia.com/advisories/19052 http://securityreason.com/securityalert/491 http://www.myphpnuke.com/article.php?sid=1035&mode=thread&order=0 http://www.nukedx.com/?viewdoc=12 http://www.securityfocus.com/archive/1/425983/100/0/threaded http://www.securityfocus.com/bid/16815 http://www.vupen.com/english/advisories/2006/0750 https://exchange.xforce.ibmcloud.com/vulnerabilities/24887 •