Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php-nuke vulnerabilities and exploits
(subscribe to this query)
755
VMScore
CVE-2000-0745
admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke administrator password, which allows remote malicious users to gain privileges by requesting a URL that does not specify the aid or pwd parameter.
Francisco Burzi Php-nuke 2.5
Francisco Burzi Php-nuke 1.0
1 EDB exploit
755
VMScore
CVE-2003-1435
SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote malicious users to execute arbitrary SQL commands via the days parameter to the search module.
Francisco Burzi Php-nuke 5.6
Francisco Burzi Php-nuke 6.0
1 EDB exploit
668
VMScore
CVE-2001-0911
PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote malicious users to gain privileges by stealing or sniffing the cookie and decoding it.
Francisco Burzi Php-nuke 5.1
Francisco Burzi Php-nuke 5.2
Francisco Burzi Php-nuke 5.3.1
Postnuke Software Foundation Postnuke 0.64
668
VMScore
CVE-2008-6865
SQL injection vulnerability in modules.php in the Sectionsnew module for PHP-Nuke allows remote malicious users to execute arbitrary SQL commands via the artid parameter in a printpage action.
Php-nuke Sections Module
755
VMScore
CVE-2008-1315
SQL injection vulnerability in the ZClassifieds module for PHP-Nuke allows remote malicious users to execute arbitrary SQL commands via the cat parameter to modules.php.
Php-nuke Zclassifieds
1 EDB exploit
445
VMScore
CVE-2005-1028
PHP-Nuke 6.x up to and including 7.6 allows remote malicious users to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message.
Phpnuke Php-nuke
905
VMScore
CVE-2008-4767
Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote malicious users to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. NOTE: the provenance of...
Php-nuke Downloadsplus Module
1 EDB exploit
645
VMScore
CVE-2006-2828
Global variable overwrite vulnerability in PHP-Nuke allows remote malicious users to conduct remote PHP file inclusion attacks via a modified phpbb_root_path parameter to the admin scripts (1) index.php, (2) admin_ug_auth.php, (3) admin_board.php, (4) admin_disallow.php, (5) admi...
Php-nuke Ev
1 EDB exploit
435
VMScore
CVE-2006-3948
Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke INP allows remote malicious users to inject arbitrary web script or HTML via the query parameter.
Php-nuke Inp
1 EDB exploit
685
VMScore
CVE-2004-1842
Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x up to and including 7.1.0 allows remote malicious users to gain administrative privileges via an img tag with a URL to admin.php.
Phpnuke Php-nuke
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2024-34928
CVE-2024-5291
deserialization
CVE-2024-4471
CVE-2024-4956
CVE-2024-32002
CVE-2024-5227
unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »