Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
francisco burzi php-nuke vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2004-1972
SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote malicious users to execute arbitrary SQL code via the (1) clipid or (2) catid parameters in a viewclip, viewcat, or voteclip action.
Francisco Burzi Php-nuke 7.2
1 EDB exploit
7.5
CVSSv2
CVE-2006-0907
SQL injection vulnerability in PHP-Nuke prior to 7.8 Patched 3.2 allows remote malicious users to execute arbitrary SQL commands via encoded /%2a (/*) sequences in the query string, which bypasses regular expressions that are intended to protect against SQL injection, as demonstr...
Francisco Burzi Php-nuke 7.8
7.5
CVSSv2
CVE-2006-0908
PHP-Nuke 7.8 Patched 3.2 allows remote malicious users to bypass SQL injection protection mechanisms via /%2a (/*) sequences with the "ad_click" word in the query string, as demonstrated via the kala parameter.
Francisco Burzi Php-nuke 7.8 Patched 3.2
7.5
CVSSv2
CVE-2006-6234
Multiple SQL injection vulnerabilities in the Content module in PHP-Nuke 6.0, and possibly other versions, allow remote malicious users to execute arbitrary SQL commands via (1) the cid parameter in a list_pages_categories action or (2) the pid parameter in a showpage action.
Francisco Burzi Php-nuke 6.0
7.5
CVSSv2
CVE-2005-4715
Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, when magic_quotes_gpc is disabled, allow remote malicious users to execute arbitrary SQL commands via the (1) name, (2) sid, and (3) pid parameters in a POST request, which bypasses security checks that are pe...
Francisco Burzi Php-nuke 7.8
7.5
CVSSv2
CVE-2001-0292
PHP-Nuke 4.4.1a allows remote malicious users to modify a user's email address and obtain the password by guessing the user id (UID) and calling user.php with the saveuser operator.
Francisco Burzi Php-nuke 4.4.1a
5
CVSSv2
CVE-2001-0321
opendir.php script in PHP-Nuke allows remote malicious users to read arbitrary files by specifying the filename as an argument to the requesturl parameter.
Francisco Burzi Php-nuke 8.0 Final
4.3
CVSSv2
CVE-2005-1000
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 allow remote malicious users to inject arbitrary web script or HTML via (1) the bid parameter to the EmailStats op in banners.pgp, (2) the ratenum parameter in the TopRated and MostPopular actions in the Web_Link...
Francisco Burzi Php-nuke 7.6
4 EDB exploits
5
CVSSv2
CVE-2004-1830
error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote malicious users to obtain sensitive information via an invalid (1) language, (2) newlang, or (3) lang parameter, which leaks the pathname in a PHP error message.
Francisco Burzi Php-nuke 6.0
1 EDB exploit
4.3
CVSSv2
CVE-2006-1846
Cross-site scripting (XSS) vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote malicious users to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu. NOTE: the provenance of this information is u...
Francisco Burzi Php-nuke 7.8
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »