Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

phpnuke php-nuke 8.0 vulnerabilities and exploits

(subscribe to this query)
4.3
CVSSv2
CVE-2007-4212
Multiple cross-site scripting (XSS) vulnerabilities in the Search Module in PHP-Nuke allow remote malicious users to inject arbitrary web script or HTML via a trailing "<" instead of a ">" in (1) the onerror attribute of an IMG element, (2) the onload at...
Phpnuke Php-nuke 7.5Phpnuke Php-nuke 7.6Phpnuke Php-nuke 7.0Phpnuke Php-nuke 7.7Phpnuke Php-nuke 7.8Phpnuke Php-nuke 7.1Phpnuke Php-nuke 7.2Phpnuke Php-nuke 7.9Phpnuke Php-nuke 8.0Phpnuke Php-nuke 7.3Phpnuke Php-nuke 7.4
4.3
CVSSv2
CVE-2007-1449
Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and previous versions allows remote malicious users to read arbitrary files via a .. (dot dot) in the lang parameter.
Phpnuke Php-nuke 7.0Phpnuke Php-nuke 7.1Phpnuke Php-nuke 7.9Phpnuke Php-nuke 8.0Phpnuke Php-nuke 7.2Phpnuke Php-nuke 7.3Phpnuke Php-nuke 8.0.0Phpnuke Php-nuke 7.6Phpnuke Php-nuke 7.7Phpnuke Php-nuke 7.8Phpnuke Php-nuke 7.4Phpnuke Php-nuke 7.5
7.5
CVSSv2
CVE-2011-1480
SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and previous versions allows remote malicious users to execute arbitrary SQL commands via the chng_uid parameter.
Phpnuke Php-nuke 5.6Phpnuke Php-nuke 7.3Phpnuke Php-nuke 7.4Phpnuke Php-nuke 7.1Phpnuke Php-nuke 5.0.1Phpnuke Php-nuke 5.5Phpnuke Php-nuke 7.9Phpnuke Php-nuke 5.3Phpnuke Php-nuke 6.9Phpnuke Php-nuke 5.3.1Phpnuke Php-nuke 5.0Phpnuke Php-nuke 6.8Phpnuke Php-nuke 6.6Phpnuke Php-nuke 7.5Phpnuke Php-nuke 7.2Phpnuke Php-nuke 7.7Phpnuke Php-nukePhpnuke Php-nuke 5.2Phpnuke Php-nuke 7.8Phpnuke Php-nuke 6.0Phpnuke Php-nuke 6.7Phpnuke Php-nuke 7.0
4.3
CVSSv2
CVE-2011-1481
Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) sender_name or (2) sender_email parameter in a Feedback action to modules.php.
Phpnuke Php-nuke 5.6Phpnuke Php-nuke 7.3Phpnuke Php-nuke 7.4Phpnuke Php-nuke 7.1Phpnuke Php-nuke 5.0.1Phpnuke Php-nuke 5.5Phpnuke Php-nuke 7.9Phpnuke Php-nuke 5.3Phpnuke Php-nuke 6.9Phpnuke Php-nuke 5.3.1Phpnuke Php-nuke 5.0Phpnuke Php-nuke 6.8Phpnuke Php-nuke 6.6Phpnuke Php-nuke 7.5Phpnuke Php-nuke 7.2Phpnuke Php-nuke 7.7Phpnuke Php-nukePhpnuke Php-nuke 5.2Phpnuke Php-nuke 7.8Phpnuke Php-nuke 6.0Phpnuke Php-nuke 6.7Phpnuke Php-nuke 7.0
6.8
CVSSv2
CVE-2011-1482
Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and previous versions allow remote malicious users to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative pri...
Phpnuke Php-nuke 5.6Phpnuke Php-nuke 7.3Phpnuke Php-nuke 7.4Phpnuke Php-nuke 7.1Phpnuke Php-nuke 5.0.1Phpnuke Php-nuke 5.5Phpnuke Php-nuke 7.9Phpnuke Php-nuke 5.3Phpnuke Php-nuke 6.9Phpnuke Php-nuke 5.3.1Phpnuke Php-nuke 5.0Phpnuke Php-nuke 6.8Phpnuke Php-nuke 6.6Phpnuke Php-nuke 7.5Phpnuke Php-nuke 7.2Phpnuke Php-nuke 7.7Phpnuke Php-nukePhpnuke Php-nuke 5.2Phpnuke Php-nuke 7.8Phpnuke Php-nuke 6.0Phpnuke Php-nuke 6.7Phpnuke Php-nuke 7.0
7.5
CVSSv2
CVE-2008-6728
SQL injection vulnerability in the Sections module in PHP-Nuke, probably prior to 8.0, allows remote malicious users to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php.
Phpnuke Php-nuke 7.1Phpnuke Php-nuke 7.2Phpnuke Php-nuke 7.0Phpnuke Php-nuke 6.5Phpnuke Php-nuke 5.6Phpnuke Php-nuke 5.4Phpnuke Php-nuke 5.5Phpnuke Php-nuke 7.6Phpnuke Php-nuke 7.5Phpnuke Php-nuke 5.3Phpnuke Php-nuke 5.3.1Phpnuke Php-nuke 6.9Phpnuke Php-nukePhpnuke Php-nuke 7.4Phpnuke Php-nuke 7.3Phpnuke Php-nuke 5.1Phpnuke Php-nuke 5.2Phpnuke Php-nuke 6.7Phpnuke Php-nuke 6.8Phpnuke Php-nuke 7.8Phpnuke Php-nuke 7.7Phpnuke Php-nuke 5.0
6.8
CVSSv2
CVE-2007-1520
The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and previous versions does not ensure the SERVER superglobal is an array before validating the HTTP_REFERER, which allows remote malicious users to conduct CSRF attacks.
Phpnuke Php-nuke 5.6Phpnuke Php-nuke 7.3Phpnuke Php-nuke 7.4Phpnuke Php-nuke 7.1Phpnuke Php-nuke 7.9Phpnuke Php-nuke 7.5Phpnuke Php-nuke 7.2Phpnuke Php-nuke 7.7Phpnuke Php-nukePhpnuke Php-nuke 7.8Phpnuke Php-nuke 7.0Phpnuke Php-nuke 6.5Phpnuke Php-nuke 7.6
7.5
CVSSv2
CVE-2007-1450
SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and previous versions allows remote malicious users to execute arbitrary SQL commands in the Top or News module via the lang parameter.
Phpnuke Php-nuke 7.4Phpnuke Php-nuke 7.5Phpnuke Php-nuke 7.6Phpnuke Php-nuke 7.7Phpnuke Php-nuke 7.2Phpnuke Php-nuke 7.3Phpnuke Php-nuke 8.0.0Phpnuke Php-nuke 7.0Phpnuke Php-nuke 7.1Phpnuke Php-nuke 7.8Phpnuke Php-nuke 7.9
5
CVSSv2
CVE-2011-3784
Francisco Burzi PHP-Nuke 8.0 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files.
Phpnuke Php-nuke 8.0
7.5
CVSSv2
CVE-2009-1842
SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote malicious users to execute arbitrary SQL commands via the HTTP Referer header.
Phpnuke Php-nuke 8.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook