cbcvebase.

Nukescripts Nukesentinel vulnerabilities

6 known vulnerabilities affecting nukescripts/nukesentinel.

Total CVEs
6
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
HIGH4MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2007-1171P3HIGHCVSS 7.5PoC≤ 2.5.112007-03-02
CVE-2007-1171 [HIGH] CWE-89 CVE-2007-1171: SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versi SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie.
nvd
CVE-2007-1493P3HIGHCVSS 7.5PoC≤ 2.5.062007-03-16
CVE-2007-1493 [HIGH] CVE-2007-1493: nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172.
nvd
CVE-2007-1172P3MEDIUMCVSS 6.4PoCv2.5.052007-03-02
CVE-2007-1172 [MEDIUM] CVE-2007-1172: SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the "File Disclosure Exploit."
nvd
CVE-2007-5151P3HIGHCVSS 7.5v2.5.122007-10-01
CVE-2007-5151 [HIGH] CWE-89 CVE-2007-5151: SQL injection vulnerability in the abget_admin function in includes/nukesentinel.php in NukeSentinel SQL injection vulnerability in the abget_admin function in includes/nukesentinel.php in NukeSentinel 2.5.12 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie.
nvd
CVE-2007-5150P3HIGHCVSS 7.5v2.5.112007-10-01
CVE-2007-5150 [HIGH] CVE-2007-5150: SQL injection vulnerability in the is_god function in includes/nukesentinel.php in NukeSentinel 2.5. SQL injection vulnerability in the is_god function in includes/nukesentinel.php in NukeSentinel 2.5.11 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie, a different vector than CVE-2007-5125.
nvd
CVE-2007-1494P4MEDIUMCVSS 6.8≤ 2.5.052007-03-16
CVE-2007-1494 [MEDIUM] CVE-2007-1494: Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 allows remote attackers to in Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "filters for https:// and http://".
nvd
Nukescripts Nukesentinel vulnerabilities | cvebase