Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php-nuke vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2008-0906
SQL injection vulnerability in the Docum module in PHP-Nuke allows remote malicious users to execute arbitrary SQL commands via the artid parameter in a viewarticle operation.
Php-nuke Php-nuke Module Docum
1 EDB exploit
4.3
CVSSv2
CVE-2008-5039
Cross-site scripting (XSS) vulnerability in the League module for PHP-Nuke, possibly 2.4, allows remote malicious users to inject arbitrary web script or HTML via the tid parameter in a team action to modules.php.
Php-nuke League Module 2.4
Php-nuke League Module
1 EDB exploit
5
CVSSv2
CVE-2006-0185
Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) News Modules in Php-Nuke allow remote malicious users to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag.
Php-nuke News Module
Php-nuke Pool Module
1 EDB exploit
5
CVSSv2
CVE-2008-3573
The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francisco Burzi PHP-Nuke 8.1 provides a critical random number (the ts_random value) within the URL in the SRC attribute of an IMG element, which allows remote malicious users to pass the CAPTCHA test via a calculatio...
Pligg Pligg 9.9.5
Php-nuke Php-nuke 8.1
1 EDB exploit
7.5
CVSSv2
CVE-2008-7226
SQL injection vulnerability in index.php in the Recipes module 1.3, 1.4, and possibly other versions for PHP-Nuke allows remote malicious users to execute arbitrary SQL commands via the recipeid parameter.
Php-nuke Recipe Module 1.3
Php-nuke Recipe Module 1.4
1 EDB exploit
6.5
CVSSv2
CVE-2003-1340
Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote malicious users to execute arbitrary SQL commands via an aid (admin) cook...
Phpnuke Php-nuke 6.5
Phpnuke Php-nuke 5.6
5
CVSSv2
CVE-2005-1180
HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuke 7.6 allows remote malicious users to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the forwarder parameter.
Francisco Burzi Php-nuke 7.6
Francisco Burzi Php-nuke
10
CVSSv2
CVE-2001-1025
PHP-Nuke 5.x allows remote malicious users to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php.
Francisco Burzi Php-nuke 5.0
Francisco Burzi Php-nuke 5.0.1
7.5
CVSSv2
CVE-2003-1435
SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote malicious users to execute arbitrary SQL commands via the days parameter to the search module.
Francisco Burzi Php-nuke 5.6
Francisco Burzi Php-nuke 6.0
1 EDB exploit
2.6
CVSSv2
CVE-2003-0279
Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x up to and including 6.5 allows remote malicious users to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php.
Francisco Burzi Php-nuke 5.0
Francisco Burzi Php-nuke 6.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »