Vulnerabilities > Francisco Burzi > PHP Nuke > 7.9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-01-19 | CVE-2007-0372 | SQL Injection vulnerability in Francisco Burzi PHP-Nuke 7.9 Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 allow remote attackers to execute arbitrary SQL commands via (1) the active parameter in admin/modules/modules.php; the (2) ad_class, (3) imageurl, (4) clickurl, (5) ad_code, or (6) position parameter in modules/Advertising/admin/index.php; or unspecified vectors in the (7) advertising, (8) weblinks, or (9) reviews section. | 7.5 |
| 2006-12-01 | CVE-2006-6200 | SQL Injection vulnerability in PHP-Nuke News Module Multiple SQL injection vulnerabilities in the (1) rate_article and (2) rate_complete functions in modules/News/index.php in the News module in Francisco Burzi PHP-Nuke 7.9 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the sid parameter. | 7.5 |
| 2006-02-21 | CVE-2006-0805 | Unspecified vulnerability in Francisco Burzi PHP-Nuke The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying that pair in the random_num and gfx_check parameters. | 7.5 |
| 2006-02-13 | CVE-2006-0676 | Cross-Site Scripting vulnerability in PHPNuke Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 to 7.8 allows remote attackers to inject arbitrary web script or HTML via the pagetitle parameter. network francisco-burzi | 4.3 |
| 2005-12-15 | CVE-2005-4260 | Unspecified vulnerability in Francisco Burzi PHP-Nuke Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. network francisco-burzi | 4.3 |