Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Php\-Nuke
(Francisco_burzi)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 96 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2004-07-27 | CVE-2004-0736 | The search module in Php-Nuke allows remote attackers to gain sensitive information via the (1) "**" or (2) "+" search patterns, which reveals the path in an error message. | Php\-Nuke | N/A | ||
| 2004-07-27 | CVE-2004-0732 | SQL injection vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to execute arbitrary SQL statements via the instory parameter. | Php\-Nuke | N/A | ||
| 2004-07-27 | CVE-2004-0731 | Cross-site scripting (XSS) vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary script as other users via the input field. | Php\-Nuke | N/A | ||
| 2004-11-23 | CVE-2004-0269 | SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module. | Php\-Nuke | N/A | ||
| 2004-11-23 | CVE-2004-0266 | SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter. | Php\-Nuke | N/A | ||
| 2004-11-23 | CVE-2004-0265 | Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other users via URL-encoded (1) title or (2) fname parameters in the News or Reviews modules. | Php\-Nuke | N/A | ||
| 2003-12-31 | CVE-2003-1547 | Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter. | Php\-Nuke | N/A | ||
| 2003-12-31 | CVE-2003-1526 | PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message. | Php\-Nuke | N/A | ||
| 2003-12-31 | CVE-2003-1468 | The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message. | Php\-Nuke | N/A | ||
| 2003-12-31 | CVE-2003-1435 | SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module. | Php\-Nuke | N/A |