Nukescripts Nukesentinel vulnerabilities
6 known vulnerabilities affecting nukescripts/nukesentinel.
Total CVEs
6
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
HIGH4MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2007-1171P3HIGHCVSS 7.5PoC≤ 2.5.112007-03-02
CVE-2007-1171 [HIGH] CWE-89 CVE-2007-1171: SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versi
SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie.
nvd
CVE-2007-1493P3HIGHCVSS 7.5PoC≤ 2.5.062007-03-16
CVE-2007-1493 [HIGH] CVE-2007-1493: nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate
nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172.
nvd
CVE-2007-1172P3MEDIUMCVSS 6.4PoCv2.5.052007-03-02
CVE-2007-1172 [MEDIUM] CVE-2007-1172: SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows
SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the "File Disclosure Exploit."
nvd
CVE-2007-5151P3HIGHCVSS 7.5v2.5.122007-10-01
CVE-2007-5151 [HIGH] CWE-89 CVE-2007-5151: SQL injection vulnerability in the abget_admin function in includes/nukesentinel.php in NukeSentinel
SQL injection vulnerability in the abget_admin function in includes/nukesentinel.php in NukeSentinel 2.5.12 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie.
nvd
CVE-2007-5150P3HIGHCVSS 7.5v2.5.112007-10-01
CVE-2007-5150 [HIGH] CVE-2007-5150: SQL injection vulnerability in the is_god function in includes/nukesentinel.php in NukeSentinel 2.5.
SQL injection vulnerability in the is_god function in includes/nukesentinel.php in NukeSentinel 2.5.11 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie, a different vector than CVE-2007-5125.
nvd
CVE-2007-1494P4MEDIUMCVSS 6.8≤ 2.5.052007-03-16
CVE-2007-1494 [MEDIUM] CVE-2007-1494: Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 allows remote attackers to in
Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "filters for https:// and http://".
nvd