Francisco Burzi Php-Nuke vulnerabilities
94 known vulnerabilities affecting francisco_burzi/php-nuke.
Total CVEs: 94
CISA KEV: 0
Public exploits: 48
Exploited in wild: 0
Severity breakdown
CRITICAL 3 | HIGH 36 | MEDIUM 54 | LOW 1
Vulnerabilities
Page 1 of 5
CVE-2007-1061 | P3 | MEDIUM | CVSS 6.8 | PoC | ≤ 8.0_final | 2007-02-22
SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" block is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header (HTTP_REFERER variable).
nvd
CVE-2005-3792 | P3 | HIGH | CVSS 7.5 | PoC | v7.0_final, v7.1 +5 more | 2005-11-24
Multiple SQL injection vulnerabilities in the Search module in PHP-Nuke 7.8, and possibly other versions before 7.9 with patch 3.1, allows remote attackers to execute arbitrary SQL commands, as demonstrated via the query parameter in a stories type.
nvd
CVE-2004-1988 | P3 | HIGH | CVSS 7.5 | PoC | v6.9, v7.0 +3 more | 2004-04-30
PHP remote file inclusion vulnerability in init.inc.php in Coppermine Photo Gallery 1.2.0 RC4 allows remote attackers to execute arbitrary PHP code by modifying the CPG_M_DIR to reference a URL on a remote web server that contains functions.inc.php.
nvd
CVE-2000-0745 | P3 | HIGH | CVSS 7.5 | PoC | v1.0, v2.5 | 2000-10-20
admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke administrator password, which allows remote attackers to gain privileges by requesting a URL that does not specify the aid or pwd parameter.
nvd
CVE-2007-0309 | P3 | HIGH | CVSS 7.5 | PoC | ≤ 7.9 | 2007-01-18
SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter.
nvd
CVE-2004-1989 | P3 | HIGH | CVSS 7.5 | PoC | v6.9, v7.0 +3 more | 2004-04-30
PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_box.inc.
nvd
CVE-2006-5720 | P3 | HIGH | CVSS 7.5 | PoC | ≤ 7.9, v7.0 +8 more | 2006-11-04
SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter.
nvd
CVE-2004-1929 | P3 | HIGH | CVSS 7.5 | PoC | v5.5, v6.0 +13 more | 2004-04-13
SQL injection vulnerability in the bblogin function in functions.php in PHP-Nuke 6.x through 7.2 allows remote attackers to bypass authentication and gain access by injecting base64-encoded SQL code into the user parameter.
nvd
CVE-2005-3304 | P3 | HIGH | CVSS 7.5 | PoC | v7.8 | 2005-10-26
Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the Web_Links module.
nvd
CVE-2004-2018 | P3 | HIGH | CVSS 7.5 | PoC | v6.0, v6.5 +13 more | 2004-12-31
PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x through 7.3 allows remote attackers to execute arbitrary PHP code by modifying the modpath parameter to reference a URL on a remote web server that contains the code.
nvd
CVE-2003-1210 | P3 | HIGH | CVSS 7.5 | PoC | ≤ 6.5, v6.5_beta1 +4 more | 2003-12-31
Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function.
nvd
CVE-2005-0999 | P3 | HIGH | CVSS 7.5 | PoC | v6.0, v6.5 +16 more | 2005-05-02
SQL injection vulnerability in the Top module for PHP-Nuke 6.x through 7.6 allows remote attackers to execute arbitrary SQL commands via the querylang parameter.
nvd
CVE-2006-0805 | P3 | HIGH | CVSS 7.5 | PoC | v6.0, v6.5 +19 more | 2006-02-21
The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying that pair in the random_num and gfx_check parameters.
nvd
CVE-2004-0269 | P3 | MEDIUM | CVSS 6.4 | PoC | v1.0, v2.5 +24 more | 2004-11-23
SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module.
nvd
CVE-2004-2044 | P3 | HIGH | CVSS 7.5 | PoC | v5.0, v5.0.1 +22 more | 2004-06-01
PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possib
nvd
CVE-2002-0206 | P3 | HIGH | CVSS 7.5 | PoC | v1.0, v2.5 +11 more | 2002-05-16
index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter.
nvd
CVE-2007-6376 | P3 | HIGH | CVSS 7.5 | PoC | v8.0_final | 2007-12-15
Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filename parameter, a different vector than CVE-2006-4190. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
nvd
CVE-2004-1972 | P3 | HIGH | CVSS 7.5 | PoC | v7.2 | 2004-04-26
SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to execute arbitrary SQL code via the (1) clipid or (2) catid parameters in a viewclip, viewcat, or voteclip action.
nvd
CVE-2004-1914 | P3 | HIGH | CVSS 7.5 | PoC | v8.0_final | 2004-12-31
SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to execute arbitrary SQL commands via the eid parameter.
nvd
CVE-2005-0997 | P3 | HIGH | CVSS 7.5 | PoC | v7.6 | 2005-05-02
Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the email or url parameters in the Add function, (2) the url parameter in the modifylinkrequestS function, (3) the orderby or min parameters in the viewlink function, (4) the orderby, min, or show parameters in the sea
nvd