Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php-nuke vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2008-0906
SQL injection vulnerability in the Docum module in PHP-Nuke allows remote malicious users to execute arbitrary SQL commands via the artid parameter in a viewarticle operation.
Php-nuke Php-nuke Module Docum
1 EDB exploit
4.3
CVSSv2
CVE-2008-5039
Cross-site scripting (XSS) vulnerability in the League module for PHP-Nuke, possibly 2.4, allows remote malicious users to inject arbitrary web script or HTML via the tid parameter in a team action to modules.php.
Php-nuke League Module 2.4
Php-nuke League Module
1 EDB exploit
7.5
CVSSv2
CVE-2008-7226
SQL injection vulnerability in index.php in the Recipes module 1.3, 1.4, and possibly other versions for PHP-Nuke allows remote malicious users to execute arbitrary SQL commands via the recipeid parameter.
Php-nuke Recipe Module 1.3
Php-nuke Recipe Module 1.4
1 EDB exploit
5
CVSSv2
CVE-2008-3573
The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francisco Burzi PHP-Nuke 8.1 provides a critical random number (the ts_random value) within the URL in the SRC attribute of an IMG element, which allows remote malicious users to pass the CAPTCHA test via a calculatio...
Pligg Pligg 9.9.5
Php-nuke Php-nuke 8.1
1 EDB exploit
5
CVSSv2
CVE-2006-0185
Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) News Modules in Php-Nuke allow remote malicious users to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag.
Php-nuke News Module
Php-nuke Pool Module
1 EDB exploit
6.5
CVSSv2
CVE-2003-1340
Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote malicious users to execute arbitrary SQL commands via an aid (admin) cook...
Phpnuke Php-nuke 6.5
Phpnuke Php-nuke 5.6
5
CVSSv2
CVE-2005-1180
HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuke 7.6 allows remote malicious users to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the forwarder parameter.
Francisco Burzi Php-nuke 7.6
Francisco Burzi Php-nuke
10
CVSSv2
CVE-2001-0320
bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote malicious users to read arbitrary files and gain PHP administrator privileges by inserting a null character and .. (dot dot) sequences into a malformed username argument.
Francisco Burzi Php-nuke 4.0.4
Francisco Burzi Php-nuke 4.4
7.5
CVSSv2
CVE-2003-1435
SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote malicious users to execute arbitrary SQL commands via the days parameter to the search module.
Francisco Burzi Php-nuke 5.6
Francisco Burzi Php-nuke 6.0
1 EDB exploit
7.5
CVSSv2
CVE-2000-0745
admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke administrator password, which allows remote malicious users to gain privileges by requesting a URL that does not specify the aid or pwd parameter.
Francisco Burzi Php-nuke 2.5
Francisco Burzi Php-nuke 1.0
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »