Francisco Burzi Php-Nuke vulnerabilities
94 known vulnerabilities affecting francisco_burzi/php-nuke.
Total CVEs: 94
CISA KEV: 0
Public exploits: 48
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 36, MEDIUM 54, LOW 1
Vulnerabilities
Page 4 of 5
CVE-2001-1025 | P4 | CRITICAL | CVSS 10.0 | v5.0, v5.0.1 | 2001-08-31
PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php.
nvd
CVE-2004-1830 | P4 | MEDIUM | CVSS 5.0 | PoC | v6.0 | 2004-03-18
error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid (1) language, (2) newlang, or (3) lang parameter, which leaks the pathname in a PHP error message.
nvd
CVE-2001-1032 | P4 | HIGH | CVSS 7.5 | ≤ 5.2 | 2001-09-24
admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and specifying the file to copy.
nvd
CVE-2004-0737 | P4 | HIGH | CVSS 7.5 | v8.0_final | 2004-07-27
Multiple cross-site scripting vulnerabilities in index.php in the Search module for Php-Nuke allow remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) max, (3) sel1, (4) sel2, (5) sel3, (6) sel4, (7) sel5, (8) match, (9) mod1, (10) mod2, or (11) mod3 parameters.
nvd
CVE-2001-0292 | P4 | HIGH | CVSS 7.5 | v4.4.1a | 2001-05-03
PHP-Nuke 4.4.1a allows remote attackers to modify a user's email address and obtain the password by guessing the user id (UID) and calling user.php with the saveuser operator.
nvd
CVE-2005-3016 | P4 | CRITICAL | CVSS 10.0 | ≤ 7.8, v6.0, +13 more | 2005-09-21
Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke before 7.9 Final have unknown impact and attack vectors.
nvd
CVE-2001-0321 | P4 | MEDIUM | CVSS 5.0 | v8.0_final | 2001-05-03
opendir.php script in PHP-Nuke allows remote attackers to read arbitrary files by specifying the filename as an argument to the requesturl parameter.
nvd
CVE-2004-2354 | P4 | MEDIUM | CVSS 6.8 | v6.5, v6.5_beta1, +7 more | 2004-12-31
SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 through 6.9 allows remote attackers to modify SQL statements via the entry parameter to modules.php, which can also facilitate cross-site scripting (XSS) attacks when MySQL errors are triggered.
nvd
CVE-2001-0854 | P4 | MEDIUM | CVSS 5.0 | v5.2 | 2001-12-06
PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary files by calling case.filemanager.php with admin.php as an argument, which sets the $PHP_SELF variable and makes it appear that case.filemanager.php is being called by admin.php instead of the user.
nvd
CVE-2005-0996 | P4 | MEDIUM | CVSS 5.0 | v7.6 | 2005-05-02
Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the email or url parameters in the Add function, (2) the min parameter in the viewsdownload function, or (3) the min parameter in the search function.
nvd
CVE-2004-0731 | P4 | MEDIUM | CVSS 6.8 | v8.0_final | 2004-07-27
Cross-site scripting (XSS) vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary script as other users via the input field.
nvd
CVE-2005-1180 | P4 | MEDIUM | CVSS 5.0 | ≤ 7.5, v7.6 | 2005-05-02
HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuke 7.6 allows remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the forwarder parameter.
nvd
CVE-2007-5032 | P4 | MEDIUM | CVSS 5.1 | CWE-352 | ≤ 1.0, ≤ 2.5, +39 more | 2007-09-21
Cross-site request forgery (CSRF) vulnerability in admin.php in Francisco Burzi PHP-Nuke allows remote attackers to add administrative accounts via an AddAuthor action with modified add_name and add_radminsuper parameters.
nvd
CVE-2004-2020 | P4 | MEDIUM | CVSS 4.3 | v6.0, v6.5, +13 more | 2004-12-31
Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2) date parameter in the Statistics module, (3) year, month, and month_1 parameters in the Stories_Archive module, (4) mode, order, and thold parameters in the Surve
nvd
CVE-2004-1999 | P4 | MEDIUM | CVSS 4.3 | v6.0, v6.5, +7 more | 2004-05-05
Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to inject arbitrary HTML and web script via the (1) ttitle or (2) sid parameters to modules.php.
nvd
CVE-2005-0434 | P4 | MEDIUM | CVSS 4.3 | v6.0, v6.5, +14 more | 2005-02-15
Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 allow remote attackers to inject arbitrary HTML or web script via (1) the newdownloadshowdays parameter in a NewDownloads operation or (2) the newlinkshowdays parameter in a NewLinks operation.
nvd
CVE-2003-1547 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | v6.5, v6.5_beta1, +3 more | 2003-12-31
Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter.
nvd
CVE-2003-0279 | P4 | LOW | CVSS 2.6 | v5.0, v6.0 | 2003-06-16
Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allow remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php.
nvd
CVE-2004-1840 | P4 | MEDIUM | CVSS 4.3 | v6.5, v6.5_beta1, +9 more | 2004-03-22
Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis module 2.0 for PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via the (1) screen parameter to modules.php, (2) module_name parameter to title.php, (3) sortby parameter to modules.php, or (4) overview parameter to modules.php.
nvd
CVE-2006-1846 | P4 | MEDIUM | CVSS 4.3 | v7.8 | 2006-04-19
Cross-site scripting (XSS) vulnerability in the Your_Account module in PHP-Nuke 7.8 might allow remote attackers to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. In addition, it is unc
nvd