Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php-nuke vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2001-1025
PHP-Nuke 5.x allows remote malicious users to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php.
Francisco Burzi Php-nuke 5.0
Francisco Burzi Php-nuke 5.0.1
NA
CVE-2000-0745
admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke administrator password, which allows remote malicious users to gain privileges by requesting a URL that does not specify the aid or pwd parameter.
Francisco Burzi Php-nuke 2.5
Francisco Burzi Php-nuke 1.0
1 EDB exploit
NA
CVE-2001-0911
PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote malicious users to gain privileges by stealing or sniffing the cookie and decoding it.
Francisco Burzi Php-nuke 5.1
Francisco Burzi Php-nuke 5.2
Francisco Burzi Php-nuke 5.3.1
Postnuke Software Foundation Postnuke 0.64
NA
CVE-2006-3948
Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke INP allows remote malicious users to inject arbitrary web script or HTML via the query parameter.
Php-nuke Inp
1 EDB exploit
NA
CVE-2008-1315
SQL injection vulnerability in the ZClassifieds module for PHP-Nuke allows remote malicious users to execute arbitrary SQL commands via the cat parameter to modules.php.
Php-nuke Zclassifieds
1 EDB exploit
NA
CVE-2008-6865
SQL injection vulnerability in modules.php in the Sectionsnew module for PHP-Nuke allows remote malicious users to execute arbitrary SQL commands via the artid parameter in a printpage action.
Php-nuke Sections Module
NA
CVE-2006-2828
Global variable overwrite vulnerability in PHP-Nuke allows remote malicious users to conduct remote PHP file inclusion attacks via a modified phpbb_root_path parameter to the admin scripts (1) index.php, (2) admin_ug_auth.php, (3) admin_board.php, (4) admin_disallow.php, (5) admi...
Php-nuke Ev
1 EDB exploit
NA
CVE-2005-1028
PHP-Nuke 6.x up to and including 7.6 allows remote malicious users to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message.
Phpnuke Php-nuke
NA
CVE-2008-4767
Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote malicious users to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. NOTE: the provenance of...
Php-nuke Downloadsplus Module
1 EDB exploit
NA
CVE-2007-1519
Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 8.0 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-2006-3948.
Phpnuke Php-nuke
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »