Vulnerabilities > Francisco Burzi > PHP Nuke > 6.0

DATE CVE VULNERABILITY TITLE RISK
2003-12-31 CVE-2003-1468 Information Exposure vulnerability in Francisco Burzi PHP-Nuke
The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message. 		4.3
4.3
2003-12-31 CVE-2003-1435 SQL Injection vulnerability in Francisco Burzi PHP-Nuke 5.6/6.0
SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module.
network
low complexity
francisco-burzi CWE-89
7.5
7.5
2003-12-31 CVE-2003-1400 Cross-Site Scripting vulnerability in Francisco Burzi PHP-Nuke
Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter. 		4.3
4.3
2003-06-16 CVE-2003-0279 Remote SQL Injection vulnerability in PHPNuke Web_Links Module
Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php.
network
high complexity
francisco-burzi
2.6
2.6
2002-12-31 CVE-2002-1803 HTML Injection vulnerability in Francisco Burzi PHP-Nuke 6.0
Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
network
francisco-burzi
4.3
4.3