Vulnerabilities > CVE-2001-1524 - Unspecified vulnerability in Francisco Burzi PHP-Nuke

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
francisco-burzi
exploit available
NVD
Published: 2001-12-31
Updated: 2024-11-20

Summary

Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php.

Vulnerable Configurations

Part Description Count
Application
Francisco_Burzi
11

Exploit-Db

  • descriptionPHPNuke 1.0/2.5/3.0/4.x/5.x/6.x/7.x user.php uname Parameter XSS Vulnerability. CVE-2001-1524. Webapps exploit for php platform
    idEDB-ID:21165
    last seen2016-02-02
    modified2001-12-03
    published2001-12-03
    reporterCabezon Aurélien
    sourcehttps://www.exploit-db.com/download/21165/
    titlePHPNuke 1.0/2.5/3.0/4.x/5.x/6.x/7.x user.php uname Parameter XSS Vulnerability
  • descriptionPHPNuke 1.0/2.5/3.0/4.x/5.x/6.x/7.x modules.php Multiple Parameter XSS Vulnerability. CVE-2001-1524. Webapps exploit for php platform
    idEDB-ID:21166
    last seen2016-02-02
    modified2001-12-03
    published2001-12-03
    reporterCabezon Aurélien
    sourcehttps://www.exploit-db.com/download/21166/
    titlePHPNuke 1.0/2.5/3.0/4.x/5.x/6.x/7.x modules.php Multiple Parameter XSS Vulnerability

References