Vulnerabilities > Francisco Burzi > PHP Nuke > 6.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2003-12-31 | CVE-2003-1468 | Information Exposure vulnerability in Francisco Burzi PHP-Nuke The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message. | 4.3 |
2003-12-31 | CVE-2003-1435 | SQL Injection vulnerability in Francisco Burzi PHP-Nuke 5.6/6.0 SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module. | 7.5 |
2003-12-31 | CVE-2003-1400 | Cross-Site Scripting vulnerability in Francisco Burzi PHP-Nuke Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter. | 4.3 |
2003-06-16 | CVE-2003-0279 | Remote SQL Injection vulnerability in PHPNuke Web_Links Module Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php. | 2.6 |
2002-12-31 | CVE-2002-1803 | HTML Injection vulnerability in Francisco Burzi PHP-Nuke 6.0 Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag. network francisco-burzi | 4.3 |