Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php-nuke vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2001-0320
bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote malicious users to read arbitrary files and gain PHP administrator privileges by inserting a null character and .. (dot dot) sequences into a malformed username argument.
Francisco Burzi Php-nuke 4.0.4
Francisco Burzi Php-nuke 4.4
7.5
CVSSv2
CVE-2000-0745
admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke administrator password, which allows remote malicious users to gain privileges by requesting a URL that does not specify the aid or pwd parameter.
Francisco Burzi Php-nuke 2.5
Francisco Burzi Php-nuke 1.0
1 EDB exploit
7.5
CVSSv2
CVE-2001-0911
PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote malicious users to gain privileges by stealing or sniffing the cookie and decoding it.
Francisco Burzi Php-nuke 5.1
Francisco Burzi Php-nuke 5.2
Francisco Burzi Php-nuke 5.3.1
Postnuke Software Foundation Postnuke 0.64
4.3
CVSSv2
CVE-2006-3948
Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke INP allows remote malicious users to inject arbitrary web script or HTML via the query parameter.
Php-nuke Inp
1 EDB exploit
9
CVSSv2
CVE-2008-4767
Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote malicious users to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. NOTE: the provenance of...
Php-nuke Downloadsplus Module
1 EDB exploit
7.5
CVSSv2
CVE-2008-1315
SQL injection vulnerability in the ZClassifieds module for PHP-Nuke allows remote malicious users to execute arbitrary SQL commands via the cat parameter to modules.php.
Php-nuke Zclassifieds
1 EDB exploit
7.5
CVSSv2
CVE-2008-6865
SQL injection vulnerability in modules.php in the Sectionsnew module for PHP-Nuke allows remote malicious users to execute arbitrary SQL commands via the artid parameter in a printpage action.
Php-nuke Sections Module
5
CVSSv2
CVE-2005-1028
PHP-Nuke 6.x up to and including 7.6 allows remote malicious users to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message.
Phpnuke Php-nuke
6.8
CVSSv2
CVE-2004-1842
Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x up to and including 7.1.0 allows remote malicious users to gain administrative privileges via an img tag with a URL to admin.php.
Phpnuke Php-nuke
1 EDB exploit
4.3
CVSSv2
CVE-2007-1519
Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 8.0 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-2006-3948.
Phpnuke Php-nuke
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »