Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php-nuke vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2003-1400
Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 up to and including 6.0 allows remote malicious users to inject arbitrary web script or HTML via the user_avatar parameter.
Francisco Burzi Php-nuke 5.2a
Francisco Burzi Php-nuke 5.3.1
Francisco Burzi Php-nuke 5.4
Francisco Burzi Php-nuke 5.5
Francisco Burzi Php-nuke 5.0
Francisco Burzi Php-nuke 5.0.1
Francisco Burzi Php-nuke 5.6
Francisco Burzi Php-nuke 6.0
Francisco Burzi Php-nuke 5.1
Francisco Burzi Php-nuke 5.2
1 EDB exploit
NA
CVE-2004-1998
The Downloads module in Php-Nuke 6.x up to and including 7.2 allows remote malicious users to gain sensitive information via an invalid show parameter to modules.php, which reveals the full path in a PHP error message.
Francisco Burzi Php-nuke 6.9
Francisco Burzi Php-nuke 7.0
Francisco Burzi Php-nuke 6.6
Francisco Burzi Php-nuke 6.7
Francisco Burzi Php-nuke 6.8
Francisco Burzi Php-nuke 7.1
Francisco Burzi Php-nuke 7.2
Francisco Burzi Php-nuke 6.0
Francisco Burzi Php-nuke 6.5
NA
CVE-2004-1999
Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 6.x up to and including 7.2 allows remote malicious users to inject arbitrary HTML and web script via the (1) ttitle or (2) sid parameters to modules.php.
Francisco Burzi Php-nuke 6.7
Francisco Burzi Php-nuke 6.8
Francisco Burzi Php-nuke 6.5
Francisco Burzi Php-nuke 6.6
Francisco Burzi Php-nuke 6.9
Francisco Burzi Php-nuke 7.0
Francisco Burzi Php-nuke 6.0
Francisco Burzi Php-nuke 7.1
Francisco Burzi Php-nuke 7.2
NA
CVE-2005-4260
Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote malicious users to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the da...
Francisco Burzi Php-nuke 7.3
Francisco Burzi Php-nuke 7.6
Francisco Burzi Php-nuke 7.1
Francisco Burzi Php-nuke 7.2
Francisco Burzi Php-nuke 7.7
Francisco Burzi Php-nuke 7.8
Francisco Burzi Php-nuke 7.0
Francisco Burzi Php-nuke 7.9
1 EDB exploit
NA
CVE-2004-2354
SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 up to and including 6.9 allows remote malicious users to modify SQL statements via the entry parameter to modules.php, which can also facilitate cross-site scripting (XSS) attacks when MySQL errors are triggered.
Francisco Burzi Php-nuke 6.5
Francisco Burzi Php-nuke 6.5 Beta1
Francisco Burzi Php-nuke 6.9
Warpspeed 4nguestbook 0.92
Francisco Burzi Php-nuke 6.5 Final
Francisco Burzi Php-nuke 6.5 Rc1
Francisco Burzi Php-nuke 6.5 Rc2
Francisco Burzi Php-nuke 6.5 Rc3
Francisco Burzi Php-nuke 6.6
Francisco Burzi Php-nuke 6.7
NA
CVE-2003-1468
The Web_Links module in PHP-Nuke 6.0 up to and including 6.5 final allows remote malicious users to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message.
Francisco Burzi Php-nuke 6.0
Francisco Burzi Php-nuke 6.5
Francisco Burzi Php-nuke 6.5 Beta1
Francisco Burzi Php-nuke 6.5 Final
Francisco Burzi Php-nuke 6.5 Rc1
Francisco Burzi Php-nuke 6.5 Rc2
Francisco Burzi Php-nuke 6.5 Rc3
1 EDB exploit
NA
CVE-2002-0483
index.php for PHP-Nuke 5.4 and previous versions allows remote malicious users to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname.
Francisco Burzi Php-nuke 5.0
Francisco Burzi Php-nuke 5.0.1
Francisco Burzi Php-nuke 5.1
Francisco Burzi Php-nuke 5.2
Francisco Burzi Php-nuke 5.3.1
Francisco Burzi Php-nuke 5.2a
Francisco Burzi Php-nuke 5.4
1 EDB exploit
NA
CVE-2005-3792
Multiple SQL injection vulnerabilities in the Search module in PHP-Nuke 7.8, and possibly other versions prior to 7.9 with patch 3.1, allows remote malicious users to execute arbitrary SQL commands, as demonstrated via the query parameter in a stories type.
Francisco Burzi Php-nuke 7.6
Francisco Burzi Php-nuke 7.7
Francisco Burzi Php-nuke 7.8
Francisco Burzi Php-nuke 7.2
Francisco Burzi Php-nuke 7.3
Francisco Burzi Php-nuke 7.0 Final
Francisco Burzi Php-nuke 7.1
1 EDB exploit
NA
CVE-2003-1210
Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x up to and including 6.5 allow remote malicious users to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function.
Francisco Burzi Php-nuke 6.5 Beta1
Francisco Burzi Php-nuke 6.5 Final
Francisco Burzi Php-nuke 6.5 Rc1
Francisco Burzi Php-nuke
Francisco Burzi Php-nuke 6.5 Rc2
Francisco Burzi Php-nuke 6.5 Rc3
1 EDB exploit
NA
CVE-2003-1547
Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote malicious users to inject arbitrary web script or HTML via the subject parameter.
Francisco Burzi Php-nuke 6.5 Beta1
Francisco Burzi Php-nuke 6.5 Rc1
Francisco Burzi Php-nuke 6.5 Rc2
Francisco Burzi Php-nuke 6.5 Rc3
Francisco Burzi Php-nuke 6.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »