Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php-nuke vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2007-1626
PHP remote file inclusion vulnerability in iframe.php in the iFrame Module for PHP-NUKE allows remote malicious users to execute arbitrary PHP code via a URL in the file parameter.
Php-nuke Iframe Module
1 EDB exploit
5
CVSSv2
CVE-2007-3332
Directory traversal vulnerability in Satellite.php in Satel Lite for PhpNuke allows remote malicious users to read arbitrary files via a .. (dot dot) sequence in the name parameter in a modload action.
Php-nuke Satel Lite
1 EDB exploit
4.3
CVSSv2
CVE-2003-0318
Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and previous versions allows remote malicious users to insert arbitrary web script via the year parameter.
Francisco Burzi Php-nuke
7.5
CVSSv2
CVE-2001-1032
admin.php in PHP-Nuke 5.2 and previous versions, except 5.0RC1, does not check login credentials for upload operations, which allows remote malicious users to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload par...
Francisco Burzi Php-nuke
7.5
CVSSv2
CVE-2006-6217
PHP remote file inclusion vulnerability in formdisp.php in the Mermaid 1.2 module for PHP-Nuke allows remote malicious users to execute arbitrary PHP code via a URL in the module_name parameter.
Php-nuke Mermaid Module 1.2
7.5
CVSSv2
CVE-2006-6234
Multiple SQL injection vulnerabilities in the Content module in PHP-Nuke 6.0, and possibly other versions, allow remote malicious users to execute arbitrary SQL commands via (1) the cid parameter in a list_pages_categories action or (2) the pid parameter in a showpage action.
Francisco Burzi Php-nuke 6.0
4.3
CVSSv2
CVE-2006-1846
Cross-site scripting (XSS) vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote malicious users to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu. NOTE: the provenance of this information is u...
Francisco Burzi Php-nuke 7.8
7.5
CVSSv2
CVE-2006-1847
SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote malicious users to execute arbitrary SQL commands via the user_id parameter in the Your_Home functionality. NOTE: the provenance of this information is unknown; the details are obtained sol...
Francisco Burzi Php-nuke 7.8
5
CVSSv2
CVE-2001-0854
PHP-Nuke 5.2 allows remote malicious users to copy and delete arbitrary files by calling case.filemanager.php with admin.php as an argument, which sets the $PHP_SELF variable and makes it appear that case.filemanager.php is being called by admin.php instead of the user.
Francisco Burzi Php-nuke 5.2
6.8
CVSSv2
CVE-2007-1934
Directory traversal vulnerability in member.php in the eBoard 1.0.7 module for PHP-Nuke allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[name] parameter.
Php-nuke Eboard Module 1.0.7
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
7
8
9
10
NEXT »