Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Francisco Burzi Subscribe
Filtered by product Php-nuke
Total 97 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-0461 1 Francisco Burzi 1 Php-nuke 2017-09-28 6.8 MEDIUM N/A
SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. NOTE: some of these details are obtained from third party information.
CVE-2003-1468 1 Francisco Burzi 1 Php-nuke 2017-07-28 4.3 MEDIUM N/A
The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message.
CVE-2003-1435 1 Francisco Burzi 1 Php-nuke 2017-07-28 7.5 HIGH N/A
SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module.
CVE-2003-1400 1 Francisco Burzi 1 Php-nuke 2017-07-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter.
CVE-2006-1847 1 Francisco Burzi 1 Php-nuke 2017-07-19 7.5 HIGH N/A
SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to execute arbitrary SQL commands via the user_id parameter in the Your_Home functionality. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-4715 1 Francisco Burzi 1 Php-nuke 2017-07-19 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) sid, and (3) pid parameters in a POST request, which bypasses security checks that are performed for GET requests.
CVE-2004-2020 1 Francisco Burzi 1 Php-nuke 2017-07-18 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2) date parameter in the Statistics module, (3) year, month, and month_1 parameters in the Stories_Archive module, (4) mode, order, and thold parameters in the Surveys module, or (5) a SQL statement to index.php, as processed by mainfile.php.
CVE-2004-0266 1 Francisco Burzi 1 Php-nuke 2017-07-18 5.0 MEDIUM N/A
SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter.
CVE-2005-3304 1 Francisco Burzi 1 Php-nuke 2017-07-10 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the Web_Links module.
CVE-2005-0434 1 Francisco Burzi 1 Php-nuke 2017-07-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 allow remote attackers to inject arbitrary HTML or web script via (1) the newdownloadshowdays parameter in a NewDownloads operation or (2) the newlinkshowdays parameter in a NewLinks operation.
CVE-2005-0433 1 Francisco Burzi 1 Php-nuke 2017-07-10 5.0 MEDIUM N/A
Php-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or missing arguments to (1) db.php, (2) mainfile.php, (3) Downloads/index.php, or (4) Web_Links/index.php, which lists the path in a PHP error message.
CVE-2005-1027 1 Francisco Burzi 1 Php-nuke 2017-07-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in the Your_Account module, (2) avatarcategory parameter in the Your_Account module, or (3) lid parameter in the Downloads module.
CVE-2005-1180 1 Francisco Burzi 1 Php-nuke 2017-07-10 5.0 MEDIUM N/A
HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuke 7.6 allows remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the forwarder parameter.
CVE-2005-1001 1 Francisco Burzi 1 Php-nuke 2017-07-10 5.0 MEDIUM N/A
PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via direct requests to (1) the Surveys module with the file parameter set to comments or (2) 3D-Fantasy/theme.php, which leaks the full pathname of the web server in a PHP error message.
CVE-2005-1000 1 Francisco Burzi 1 Php-nuke 2017-07-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the bid parameter to the EmailStats op in banners.pgp, (2) the ratenum parameter in the TopRated and MostPopular actions in the Web_Links module, (3) the ttitle parameter in the viewlinkdetails, viewlinkeditorial, viewlinkcomments, and ratelink actions in the Web_Links module, or (4) the username parameter in the Your_Account module.
CVE-2005-1023 1 Francisco Burzi 1 Php-nuke 2017-07-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) min parameter to the Search module, (2) the categories parameter to the FAQ module, or (3) the ltr parameter to the Encyclopedia module. NOTE: the bid parameter issue in banners.php is already an item in CVE-2005-1000.
CVE-2005-1024 1 Francisco Burzi 1 Php-nuke 2017-07-10 5.0 MEDIUM N/A
modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) my_headlines, (2) userinfo, or (3) search, which reveals the path in a PHP error message.
CVE-2004-1912 2 Francisco Burzi, Shiba-design 2 Php-nuke, Nukecalendar 2017-07-10 5.0 MEDIUM N/A
The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, (4) block-Calendar_center.php scripts in NukeCalendar 1.1.a, as used in PHP-Nuke, allow remote attackers to obtain sensitive information via a URL with an invalid argument, which reveals the full path in an error message.
CVE-2004-1929 1 Francisco Burzi 1 Php-nuke 2017-07-10 7.5 HIGH N/A
SQL injection vulnerability in the bblogin function in functions.php in PHP-Nuke 6.x through 7.2 allows remote attackers to bypass authentication and gain access by injecting base64-encoded SQL code into the user parameter.
CVE-2004-1984 2 Coppermine, Francisco Burzi 2 Coppermine Photo Gallery, Php-nuke 2017-07-10 5.0 MEDIUM N/A
Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) phpinfo.php, (2) addpic.php, (3) config.php, (4) db_input.php, (5) displayecard.php, (6) ecard.php, (7) crop.inc.php, which reveal the full path in a PHP error message.