Francisco Burzi Php-Nuke vulnerabilities
94 known vulnerabilities affecting francisco_burzi/php-nuke.
Total CVEs
94
CISA KEV
0
Public exploits
48
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH36MEDIUM54LOW1
Vulnerabilities
Page 5 of 5
CVE-2005-0433P4MEDIUMCVSS 5.0v6.0v6.5+14 more2005-02-15
CVE-2005-0433 [MEDIUM] CVE-2005-0433: Php-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or mis
Php-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or missing arguments to (1) db.php, (2) mainfile.php, (3) Downloads/index.php, or (4) Web_Links/index.php, which lists the path in a PHP error message.
nvd
CVE-2003-0318P4MEDIUMCVSS 4.3≤ 6.02003-06-09
CVE-2003-0318 [MEDIUM] CVE-2003-0318: Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and earlier allow
Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and earlier allows remote attackers to insert arbitrary web script via the year parameter.
nvd
CVE-2004-1998P4MEDIUMCVSS 5.0v6.0v6.5+7 more2004-05-05
CVE-2004-1998 [MEDIUM] CVE-2004-1998: The Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to gain sensitive informati
The Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to gain sensitive information via an invalid show parameter to modules.php, which reveals the full path in a PHP error message.
nvd
CVE-2005-1386P4MEDIUMCVSS 5.0v6.0v6.5+16 more2005-05-03
CVE-2005-1386 [MEDIUM] CVE-2005-1386: PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive information via a direct reques
PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) ipban.php, (2) db.php, (3) lang-norwegian.php, (4) lang-indonesian.php, (5) lang-greek.php, (6) a request to Web_Links with the portuguese language (lang-portuguese.php), (7) a request to Web_Links with the indonesian language (lang-indonesian.php), (8
nvd
CVE-2001-1522P4MEDIUMCVSS 4.3v8.0_final2001-12-31
CVE-2001-1522 [MEDIUM] CVE-2001-1522: Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attacker
Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via a message.
nvd
CVE-2005-1001P4MEDIUMCVSS 5.0v7.62005-05-02
CVE-2005-1001 [MEDIUM] CVE-2005-1001: PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via direct requests to (1) the
PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via direct requests to (1) the Surveys module with the file parameter set to comments or (2) 3D-Fantasy/theme.php, which leaks the full pathname of the web server in a PHP error message.
nvd
CVE-2005-0998P4MEDIUMCVSS 5.0v7.62005-05-02
CVE-2005-0998 [MEDIUM] CVE-2005-0998: The Web_Links module for PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via an
The Web_Links module for PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via an invalid show parameter, which triggers a division by zero PHP error that leaks the full pathname of the server.
nvd
CVE-2004-0736P4MEDIUMCVSS 5.0v8.0_final2004-07-27
CVE-2004-0736 [MEDIUM] CVE-2004-0736: The search module in Php-Nuke allows remote attackers to gain sensitive information via the (1) "**"
The search module in Php-Nuke allows remote attackers to gain sensitive information via the (1) "**" or (2) "+" search patterns, which reveals the path in an error message.
nvd
CVE-2004-1984P4MEDIUMCVSS 5.0v6.9v7.0+3 more2004-05-02
CVE-2004-1984 [MEDIUM] CVE-2004-1984: Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive informatio
Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) phpinfo.php, (2) addpic.php, (3) config.php, (4) db_input.php, (5) displayecard.php, (6) ecard.php, (7) crop.inc.php, which reveal the full path in a PHP error message.
nvd
CVE-2004-2296P4MEDIUMCVSS 5.0v6.0v6.5+13 more2004-12-31
CVE-2004-2296 [MEDIUM] CVE-2004-2296: The preview_review function in the Reviews module in PHP-Nuke 6.0 to 7.3, when running on Windows sy
The preview_review function in the Reviews module in PHP-Nuke 6.0 to 7.3, when running on Windows systems, allows remote attackers to obtain sensitive information via an invalid date parameter, which generates an error message.
nvd
CVE-2003-1526P4MEDIUMCVSS 5.0v7.02003-12-31
CVE-2003-1526 [MEDIUM] CWE-200 CVE-2003-1526: PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as
PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message.
nvd
CVE-2004-2019P4MEDIUMCVSS 5.0v6.0v6.5+13 more2004-12-31
CVE-2004-2019 [MEDIUM] CVE-2004-2019: The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive informat
The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message.
nvd
CVE-2005-1024P4MEDIUMCVSS 5.0v6.0v6.5+16 more2005-05-02
CVE-2005-1024 [MEDIUM] CVE-2005-1024: modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain sensitive information via a dir
modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) my_headlines, (2) userinfo, or (3) search, which reveals the path in a PHP error message.
nvd
CVE-2004-1839P4MEDIUMCVSS 5.0v6.5v6.5_beta1+9 more2004-03-22
CVE-2004-1839 [MEDIUM] CVE-2004-1839: MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a di
MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message.
nvd
← Previous5 / 5