Vulnerabilities > Francisco Burzi > PHP Nuke EV

DATE CVE VULNERABILITY TITLE RISK
2006-02-16 CVE-2006-0679 SQL Injection vulnerability in Francisco Burzi PHP-Nuke EV 7.8
SQL injection vulnerability in index.php in the Your_Account module in PHP-Nuke 7.8 and earlier allows remote attackers to execute arbitrary SQL commands via the username variable (Nickname field).
network
low complexity
francisco-burzi
7.5
7.5
2006-01-11 CVE-2006-0163 SQL Injection vulnerability in Francisco Burzi PHP-Nuke EV 7.7R1
SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by the search field.
network
low complexity
francisco-burzi
7.5
7.5