Vulnerabilities > Francisco Burzi > PHP Nuke > 2.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-11-23 | CVE-2004-0269 | SQL Injection vulnerability in PHPNuke Category Parameter SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module. | 6.4 |
2002-05-16 | CVE-2002-0206 | Remote Arbitrary File Include vulnerability in PHPNuke index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter. | 7.5 |
2000-10-20 | CVE-2000-0745 | Unspecified vulnerability in Francisco Burzi PHP-Nuke 1.0/2.5 admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke administrator password, which allows remote attackers to gain privileges by requesting a URL that does not specify the aid or pwd parameter. | 7.5 |