Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php-nuke vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2003-0318
Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and previous versions allows remote malicious users to insert arbitrary web script via the year parameter.
Francisco Burzi Php-nuke
NA
CVE-2007-0309
SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and previous versions, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the cat parameter.
Francisco Burzi Php-nuke
1 EDB exploit
NA
CVE-2007-1626
PHP remote file inclusion vulnerability in iframe.php in the iFrame Module for PHP-NUKE allows remote malicious users to execute arbitrary PHP code via a URL in the file parameter.
Php-nuke Iframe Module
1 EDB exploit
NA
CVE-2007-3332
Directory traversal vulnerability in Satellite.php in Satel Lite for PhpNuke allows remote malicious users to read arbitrary files via a .. (dot dot) sequence in the name parameter in a modload action.
Php-nuke Satel Lite
1 EDB exploit
NA
CVE-2003-1526
PHP-Nuke 7.0 allows remote malicious users to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message.
Francisco Burzi Php-nuke 7.0
NA
CVE-2001-0854
PHP-Nuke 5.2 allows remote malicious users to copy and delete arbitrary files by calling case.filemanager.php with admin.php as an argument, which sets the $PHP_SELF variable and makes it appear that case.filemanager.php is being called by admin.php instead of the user.
Francisco Burzi Php-nuke 5.2
NA
CVE-2006-3599
SQL injection vulnerability in the Nuke Advanced Classifieds module for PHP-Nuke allows remote malicious users to execute arbitrary SQL commands via the id_ads parameter in an EditAds op.
Php-nuke Advanced Classified Module
NA
CVE-2006-1846
Cross-site scripting (XSS) vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote malicious users to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu. NOTE: the provenance of this information is u...
Francisco Burzi Php-nuke 7.8
NA
CVE-2006-1847
SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote malicious users to execute arbitrary SQL commands via the user_id parameter in the Your_Home functionality. NOTE: the provenance of this information is unknown; the details are obtained sol...
Francisco Burzi Php-nuke 7.8
NA
CVE-2009-0302
SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8.1.0.3.5b and previous versions allows remote authenticated users to execute arbitrary SQL commands via the url parameter in the Add operation to modules.php.
Php-nuke Downloads Module 8.0
2 EDB exploits
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »