CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2008-4088 – myPHPNuke < 1.8.8_8rc2 - Cross-Site Scripting / SQL Injection
https://notcve.org/view.php?id=CVE-2008-4088
15 Sep 2008 — SQL injection vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter. Vulnerabilidad de inyección SQL en print.php de myPHPNuke (MPN) versiones anteriores a 1.8.8_8rc2 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro sid. • https://www.exploit-db.com/exploits/6338 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 1%CPEs: 3EXPL: 1CVE-2008-4089 – myPHPNuke < 1.8.8_8rc2 - Cross-Site Scripting / SQL Injection
https://notcve.org/view.php?id=CVE-2008-4089
15 Sep 2008 — Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados en print.php de myPHPNuke (MPN) versiones anteriores a 1.8.8_8rc2 permite a atacantes remotos inyectar web script o HTML a través del parámetro sid. • https://www.exploit-db.com/exploits/6338 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2008-4092 – myPHPNuke < 1.8.8_8rc2 - 'artid' SQL Injection
https://notcve.org/view.php?id=CVE-2008-4092
15 Sep 2008 — SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the artid parameter. Vulnerabilidad de inyección SQL en printfeature.php de myPHPNuke (MPN) versiones anteriores a 1.8.8_8rc2 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro artid. • https://www.exploit-db.com/exploits/6347 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 5%CPEs: 3EXPL: 3CVE-2006-0923 – myPHPNuke 1.8.8 - 'download.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-0923
28 Feb 2006 — Multiple cross-site scripting (XSS) vulnerabilities in MyPHPNuke (MPN) 1.88 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the letter parameter in reviews.php and (2) the dcategory parameter in download.php. • https://www.exploit-db.com/exploits/27309 •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 3CVE-2003-1372 – myPHPNuke 1.8.8 - 'links.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2003-1372
31 Dec 2003 — Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters. • https://www.exploit-db.com/exploits/22268 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2002-1913
https://notcve.org/view.php?id=CVE-2002-1913
31 Dec 2002 — phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read arbitrary files via a full pathname in the filnavn variable. • http://archives.neohapsis.com/archives/bugtraq/2002-10/0225.html •