Vulnerabilities > Francisco Burzi > PHP Nuke > 7.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-12-01 | CVE-2006-6200 | SQL Injection vulnerability in PHP-Nuke News Module Multiple SQL injection vulnerabilities in the (1) rate_article and (2) rate_complete functions in modules/News/index.php in the News module in Francisco Burzi PHP-Nuke 7.9 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the sid parameter. | 7.5 |
| 2006-11-04 | CVE-2006-5720 | SQL Injection vulnerability in PHP-Nuke Journal Module Search.PHP SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter. | 7.5 |
| 2006-02-21 | CVE-2006-0805 | Unspecified vulnerability in Francisco Burzi PHP-Nuke The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying that pair in the random_num and gfx_check parameters. | 7.5 |
| 2006-02-13 | CVE-2006-0676 | Cross-Site Scripting vulnerability in PHPNuke Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 to 7.8 allows remote attackers to inject arbitrary web script or HTML via the pagetitle parameter. network francisco-burzi | 4.3 |
| 2005-12-15 | CVE-2005-4260 | Unspecified vulnerability in Francisco Burzi PHP-Nuke Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. network francisco-burzi | 4.3 |
| 2005-11-24 | CVE-2005-3792 | SQL Injection vulnerability in PHPNuke Search Module Multiple SQL injection vulnerabilities in the Search module in PHP-Nuke 7.8, and possibly other versions before 7.9 with patch 3.1, allows remote attackers to execute arbitrary SQL commands, as demonstrated via the query parameter in a stories type. | 7.5 |
| 2005-09-21 | CVE-2005-3016 | Remote Security vulnerability in PHP-Nuke Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke before 7.9 Final have unknown impact and attack vectors. | 10.0 |
| 2005-05-03 | CVE-2005-1386 | Information Disclosure vulnerability in PHP-Nuke PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) ipban.php, (2) db.php, (3) lang-norwegian.php, (4) lang-indonesian.php, (5) lang-greek.php, (6) a request to Web_Links with the portuguese language (lang-portuguese.php), (7) a request to Web_Links with the indonesian language (lang-indonesian.php), (8) a request to the survey module with the indonesian language (lang-indonesian.php), (9) a request to the Reviews module with the portuguese language, or (10) a request to the Journal module with the portuguese language, which reveal the path in an error message. | 5.0 |
| 2005-05-02 | CVE-2005-1027 | Cross-Site Scripting vulnerability in PHP-Nuke Modules.PHP Username URI Parameter Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in the Your_Account module, (2) avatarcategory parameter in the Your_Account module, or (3) lid parameter in the Downloads module. network francisco-burzi | 4.3 |
| 2005-05-02 | CVE-2005-1024 | Unspecified vulnerability in Francisco Burzi PHP-Nuke modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) my_headlines, (2) userinfo, or (3) search, which reveals the path in a PHP error message. | 5.0 |