cvebase

Francisco Burzi Php-Nuke vulnerabilities

94 known vulnerabilities affecting francisco_burzi/php-nuke.

Total CVEs: 94
CISA KEV: 0
Public exploits: 48
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 36, MEDIUM 54, LOW 1

Vulnerabilities

Page 3 of 5
CVE-2001-1524 | P4 | MEDIUM | CVSS 4.3 | PoC | v3.0, v4.0, +9 more | 2001-12-31
Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php.
nvd
CVE-2005-1000 | P4 | MEDIUM | CVSS 4.3 | PoC | v7.6 | 2005-05-02
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the bid parameter to the EmailStats op in banners.pgp, (2) the ratenum parameter in the TopRated and MostPopular actions in the Web_Links module, (3) the ttitle parameter in the viewlinkdetails, viewlinkeditorial, viewlinkc
nvd
CVE-2004-2294 | P4 | MEDIUM | CVSS 4.3 | PoC | v6.0, v6.5, +13 more | 2004-12-31
Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences in the text parameter, which is checked for dangerous sequences before it is canonicalized, leading to a cross-site scripting (XSS) vulnerability.
nvd
CVE-2004-1930 | P4 | MEDIUM | CVSS 4.3 | PoC | v6.0, v6.5, +12 more | 2004-04-12
Cross-site scripting (XSS) vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie.
nvd
CVE-2004-1913 | P4 | MEDIUM | CVSS 4.3 | PoC | v8.0_final | 2004-12-31
Cross-site scripting (XSS) vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to inject arbitrary web script or HTML via the eid parameter.
nvd
CVE-2005-1027 | P4 | MEDIUM | CVSS 4.3 | PoC | v6.0, v6.5, +16 more | 2005-05-02
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in the Your_Account module, (2) avatarcategory parameter in the Your_Account module, or (3) lid parameter in the Downloads module.
nvd
CVE-2007-0372 | P3 | HIGH | CVSS 7.5 | v7.9 | 2007-01-19
Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 allow remote attackers to execute arbitrary SQL commands via (1) the active parameter in admin/modules/modules.php; the (2) ad_class, (3) imageurl, (4) clickurl, (5) ad_code, or (6) position parameter in modules/Advertising/admin/index.php; or unspecified vectors in the (7) advertising, (8)
nvd
CVE-2004-1817 | P4 | MEDIUM | CVSS 4.3 | PoC | v7.1 | 2004-03-15
Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) search field.
nvd
CVE-2002-1803 | P4 | MEDIUM | CVSS 4.3 | PoC | v6.0 | 2002-12-31
Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
nvd
CVE-2003-1400 | P4 | MEDIUM | CVSS 4.3 | PoC | CWE-79 | v5.0, v5.0.1, +8 more | 2003-12-31
Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter.
nvd
CVE-2004-1912 | P4 | MEDIUM | CVSS 5.0 | PoC | v8.0_final | 2004-12-31
The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, (4) block-Calendar_center.php scripts in NukeCalendar 1.1.a, as used in PHP-Nuke, allow remote attackers to obtain sensitive information via a URL with an invalid argument, which reveals the full path in an error message.
nvd
CVE-2001-0001 | P4 | HIGH | CVSS 7.5 | v4.4 | 2001-06-02
cookiedecode function in PHP-Nuke 4.4 allows users to bypass authentication and gain access to other user accounts by extracting the authentication information from a cookie.
nvd
CVE-2006-1847 | P4 | HIGH | CVSS 7.5 | v7.8 | 2006-04-19
SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 might allow remote attackers to execute arbitrary SQL commands via the user_id parameter in the Your_Home functionality. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
nvd
CVE-2004-0732 | P4 | HIGH | CVSS 7.5 | v8.0_final | 2004-07-27
SQL injection vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to execute arbitrary SQL statements via the instory parameter.
nvd
CVE-2004-0738 | P4 | HIGH | CVSS 7.5 | v8.0_final | 2004-07-27
Multiple SQL injection vulnerabilities in the Search module in Php-Nuke allow remote attackers to execute arbitrary SQL via the (1) min or (2) categ parameters.
nvd
CVE-2001-0320 | P4 | CRITICAL | CVSS 10.0 | v4.0.4, v4.4 | 2001-05-03
bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allow remote attackers to read arbitrary files and gain PHP administrator privileges by inserting a null character and .. (dot dot) sequences into a malformed username argument.
nvd
CVE-2006-0908 | P4 | HIGH | CVSS 7.5 | v7.8_patched_3.2 | 2006-02-28
PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL injection protection mechanisms via /%2a (/*) sequences with the "ad_click" word in the query string, as demonstrated via the kala parameter.
nvd
CVE-2003-1468 | P4 | MEDIUM | CVSS 4.3 | PoC | CWE-200 | v6.0, v6.5, +5 more | 2003-12-31
The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message.
nvd
CVE-2006-0907 | P4 | HIGH | CVSS 7.5 | v7.8 | 2006-02-28
SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows remote attackers to execute arbitrary SQL commands via encoded /%2a (/*) sequences in the query string, which bypasses regular expressions that are intended to protect against SQL injection, as demonstrated via the kala parameter.
nvd
CVE-2001-0911 | P4 | HIGH | CVSS 7.5 | v5.1, v5.2, +1 more | 2001-11-21
PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it.
nvd