Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Php\-Nuke
(Francisco_burzi)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 96 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2004-11-23 | CVE-2004-0266 | SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter. | Php\-Nuke | N/A | ||
| 2004-11-23 | CVE-2004-0265 | Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other users via URL-encoded (1) title or (2) fname parameters in the News or Reviews modules. | Php\-Nuke | N/A | ||
| 2003-12-31 | CVE-2003-1547 | Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter. | Php\-Nuke | N/A | ||
| 2003-12-31 | CVE-2003-1526 | PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message. | Php\-Nuke | N/A | ||
| 2003-12-31 | CVE-2003-1468 | The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message. | Php\-Nuke | N/A | ||
| 2003-12-31 | CVE-2003-1435 | SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module. | Php\-Nuke | N/A | ||
| 2003-12-31 | CVE-2003-1400 | Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter. | Php\-Nuke | N/A | ||
| 2003-12-31 | CVE-2003-1210 | Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function. | Php\-Nuke | N/A | ||
| 2003-06-09 | CVE-2003-0318 | Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and earlier allows remote attackers to insert arbitrary web script via the year parameter. | Php\-Nuke | N/A | ||
| 2003-06-16 | CVE-2003-0279 | Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php. | Php\-Nuke | N/A |