Vulnerabilities > Francisco Burzi > PHP Nuke > 7.1

DATE	CVE	VULNERABILITY TITLE	RISK
2004-04-30	CVE-2004-1988	Input Validation vulnerability in Coppermine Photo Gallery PHP remote file inclusion vulnerability in init.inc.php in Coppermine Photo Gallery 1.2.0 RC4 allows remote attackers to execute arbitrary PHP code by modifying the CPG_M_DIR to reference a URL on a remote web server that contains functions.inc.php. network low complexity coppermine francisco-burzi	7.5
2004-04-30	CVE-2004-1987	Input Validation vulnerability in Coppermine Photo Gallery picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to execute arbitrary commands via shell metacharacters in the (1) $CONFIG['impath'] or (2) $CONFIG['jpeg_qual'] parameters. network low complexity coppermine francisco-burzi	7.5
2004-04-30	CVE-2004-1985	Input Validation vulnerability in Coppermine Photo Gallery Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to inject arbitrary HTML or web script via the CPG_URL parameter. network coppermine francisco-burzi	4.3
2004-04-13	CVE-2004-1929	SQL Injection vulnerability in PHP-Nuke SQL injection vulnerability in the bblogin function in functions.php in PHP-Nuke 6.x through 7.2 allows remote attackers to bypass authentication and gain access by injecting base64-encoded SQL code into the user parameter. network low complexity francisco-burzi	7.5
2004-04-12	CVE-2004-1932	SQL-Injection vulnerability in PHP-Nuke SQL injection vulnerability in (1) auth.php and (2) admin.php in PHP-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL code and create an administrator account via base64-encoded SQL in the admin parameter. network low complexity francisco-burzi	7.5
2004-04-12	CVE-2004-1930	Cross-Site Scripting vulnerability in PHP-Nuke CookieDecode Cross-site scripting (XSS) vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie. network francisco-burzi	4.3
2004-04-04	CVE-2004-1986	Input Validation vulnerability in Coppermine Photo Gallery Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to read arbitrary files via a .. network low complexity coppermine francisco-burzi	5.0
2004-03-15	CVE-2004-1817	Cross-Site Scripting vulnerability in Francisco Burzi PHP-Nuke 7.1 Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) search field. network francisco-burzi	4.3