PHP Nuke

DATE	CVE	VULNERABILITY TITLE	RISK
2008-01-25	CVE-2008-0461	SQL Injection vulnerability in Francisco Burzi PHP-Nuke SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. network francisco-burzi CWE-89	6.8
2007-12-15	CVE-2007-6376	Path Traversal vulnerability in Francisco Burzi PHP-Nuke 8.0Final Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary local files via a .. network low complexity francisco-burzi CWE-22	7.5
2007-09-21	CVE-2007-5032	Cross-Site Request Forgery (CSRF) vulnerability in Francisco Burzi PHP-Nuke Cross-site request forgery (CSRF) vulnerability in admin.php in Francisco Burzi PHP-Nuke allows remote attackers to add administrative accounts via an AddAuthor action with modified add_name and add_radminsuper parameters. network high complexity francisco-burzi CWE-352	5.1
2007-02-22	CVE-2007-1061	SQL Injection vulnerability in PHP-Nuke SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" block is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header (HTTP_REFERER variable). network francisco-burzi	6.8
2007-01-19	CVE-2007-0372	SQL Injection vulnerability in Francisco Burzi PHP-Nuke 7.9 Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 allow remote attackers to execute arbitrary SQL commands via (1) the active parameter in admin/modules/modules.php; the (2) ad_class, (3) imageurl, (4) clickurl, (5) ad_code, or (6) position parameter in modules/Advertising/admin/index.php; or unspecified vectors in the (7) advertising, (8) weblinks, or (9) reviews section. network low complexity francisco-burzi	7.5
2007-01-18	CVE-2007-0309	SQL Injection vulnerability in PHP-Nuke Block-Old_Articles.PHP SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter. network low complexity francisco-burzi	7.5
2006-12-02	CVE-2006-6234	SQL-Injection vulnerability in Francisco Burzi PHP-Nuke 6.0 Multiple SQL injection vulnerabilities in the Content module in PHP-Nuke 6.0, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in a list_pages_categories action or (2) the pid parameter in a showpage action. network low complexity francisco-burzi	7.5
2006-12-01	CVE-2006-6200	SQL Injection vulnerability in PHP-Nuke News Module Multiple SQL injection vulnerabilities in the (1) rate_article and (2) rate_complete functions in modules/News/index.php in the News module in Francisco Burzi PHP-Nuke 7.9 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the sid parameter. network low complexity francisco-burzi	7.5
2006-11-04	CVE-2006-5720	SQL Injection vulnerability in PHP-Nuke Journal Module Search.PHP SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter. network low complexity francisco-burzi	7.5
2006-04-19	CVE-2006-1847	Input Validation vulnerability in Francisco Burzi PHP-Nuke 7.8 SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to execute arbitrary SQL commands via the user_id parameter in the Your_Home functionality. network low complexity francisco-burzi	7.5