Vulnerabilities > Francisco Burzi > PHP Nuke > 6.5.final
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-11-23 | CVE-2004-0265 | Cross-Site Scripting vulnerability in PHP-Nuke 'News' Module Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other users via URL-encoded (1) title or (2) fname parameters in the News or Reviews modules. network francisco-burzi | 6.8 |
| 2004-06-01 | CVE-2004-2044 | PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possibly gain access, as demonstrated using an HTTP request that contains the "admin.php" string. | 7.5 |
| 2004-05-05 | CVE-2004-2000 | SQL Injection vulnerability in PHP-Nuke Modules.php SQL injection vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL via the (1) orderby or (2) sid parameters to modules.php. | 7.5 |
| 2004-04-13 | CVE-2004-1929 | SQL Injection vulnerability in PHP-Nuke SQL injection vulnerability in the bblogin function in functions.php in PHP-Nuke 6.x through 7.2 allows remote attackers to bypass authentication and gain access by injecting base64-encoded SQL code into the user parameter. | 7.5 |
| 2004-04-12 | CVE-2004-1932 | SQL-Injection vulnerability in PHP-Nuke SQL injection vulnerability in (1) auth.php and (2) admin.php in PHP-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL code and create an administrator account via base64-encoded SQL in the admin parameter. | 7.5 |
| 2004-04-12 | CVE-2004-1930 | Cross-Site Scripting vulnerability in PHP-Nuke CookieDecode Cross-site scripting (XSS) vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie. network francisco-burzi | 4.3 |
| 2004-03-22 | CVE-2004-1840 | Cross-Site Scripting vulnerability in PHP-Nuke MS-Analysis Module Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) screen parameter to modules.php, (2) module_name parameter to title.php, (3) sortby parameter to modules.php, or (4) overview parameter to modules.php. network francisco-burzi | 4.3 |
| 2004-03-22 | CVE-2004-1839 | Remote Path Disclosure vulnerability in PHP-Nuke MS-Analysis Module MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message. | 5.0 |
| 2003-12-31 | CVE-2003-1468 | Information Exposure vulnerability in Francisco Burzi PHP-Nuke The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message. | 4.3 |
| 2003-12-31 | CVE-2003-1210 | Downloads Module SQL Injection vulnerability in PHP-Nuke Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function. | 7.5 |