Vulnerabilities > Francisco Burzi > PHP Nuke > 7.3

DATE	CVE	VULNERABILITY TITLE	RISK
2004-12-31	CVE-2004-2019	Input Validation vulnerability in PHP-Nuke The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message. network low complexity francisco-burzi	5.0
2004-12-31	CVE-2004-2018	Unspecified vulnerability in Francisco Burzi PHP-Nuke PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x through 7.3 allows remote attackers to execute arbitrary PHP code by modifying the modpath parameter to reference a URL on a remote web server that contains the code. network low complexity francisco-burzi	7.5
2004-06-01	CVE-2004-2044	PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possibly gain access, as demonstrated using an HTTP request that contains the "admin.php" string. network low complexity francisco-burzi oscommerce paul-laudanski trustix	7.5