Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phpnuke php-nuke vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2005-1028
PHP-Nuke 6.x up to and including 7.6 allows remote malicious users to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message.
Phpnuke Php-nuke
4.3
CVSSv2
CVE-2007-1519
Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 8.0 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-2006-3948.
Phpnuke Php-nuke
6.8
CVSSv2
CVE-2004-1842
Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x up to and including 7.1.0 allows remote malicious users to gain administrative privileges via an img tag with a URL to admin.php.
Phpnuke Php-nuke
1 EDB exploit
7.5
CVSSv2
CVE-2010-5083
SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote malicious users to execute arbitrary SQL commands via the url parameter in an Add action to modules.php.
Phpnuke Php-nuke 8.0
Phpnuke Web Links Module -
1 EDB exploit
7.5
CVSSv2
CVE-2014-3934
SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote malicious users to execute arbitrary SQL commands via the topics[] parameter to modules.php.
Phpnuke Php-nuke 8.3
Phpnuke Submit News Module -
1 EDB exploit
7.5
CVSSv2
CVE-2006-5494
Multiple PHP remote file inclusion vulnerabilities in modules/My_eGallery/public/displayCategory.php in the pandaBB module for PHP-Nuke allow remote malicious users to execute arbitrary PHP code via a URL in the (1) adminpath or (2) basepath parameters. NOTE: this issue might ove...
Phpnuke Php-nuke 8.0
1 EDB exploit
5
CVSSv2
CVE-2011-3784
Francisco Burzi PHP-Nuke 8.0 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files.
Phpnuke Php-nuke 8.0
7.5
CVSSv2
CVE-2009-1842
SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote malicious users to execute arbitrary SQL commands via the HTTP Referer header.
Phpnuke Php-nuke 8.0
1 EDB exploit
7.5
CVSSv2
CVE-2001-0899
Network Tools 0.2 for PHP-Nuke allows remote malicious users to execute commands on the server via shell metacharacters in the $hostinput variable.
Phpnuke Php-nuke
Rick Fournier Network Tools 0.2
1 EDB exploit
6.8
CVSSv2
CVE-2008-2020
The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (...
My123tkshop E-commerce-suite 0.9.1
Phpmybittorrent Phpmybittorrent 1.2.2
Webze Webze 0.5.9
E107 E107 0.7.11
Labgab Labgab 1.1
Phpnuke Php-nuke 7.0
Torrentflux Project Torrentflux 2.3
Phpnuke Php-nuke 8.1
Opendb Opendb 1.5.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »