Vulnerabilities > Francisco Burzi > PHP Nuke > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-12-15 | CVE-2007-6376 | Path Traversal vulnerability in Francisco Burzi PHP-Nuke 8.0Final Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2007-01-19 | CVE-2007-0372 | SQL Injection vulnerability in Francisco Burzi PHP-Nuke 7.9 Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 allow remote attackers to execute arbitrary SQL commands via (1) the active parameter in admin/modules/modules.php; the (2) ad_class, (3) imageurl, (4) clickurl, (5) ad_code, or (6) position parameter in modules/Advertising/admin/index.php; or unspecified vectors in the (7) advertising, (8) weblinks, or (9) reviews section. | 7.5 |
2007-01-18 | CVE-2007-0309 | SQL Injection vulnerability in PHP-Nuke Block-Old_Articles.PHP SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 7.5 |
2006-12-02 | CVE-2006-6234 | SQL-Injection vulnerability in Francisco Burzi PHP-Nuke 6.0 Multiple SQL injection vulnerabilities in the Content module in PHP-Nuke 6.0, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in a list_pages_categories action or (2) the pid parameter in a showpage action. | 7.5 |
2006-12-01 | CVE-2006-6200 | SQL Injection vulnerability in PHP-Nuke News Module Multiple SQL injection vulnerabilities in the (1) rate_article and (2) rate_complete functions in modules/News/index.php in the News module in Francisco Burzi PHP-Nuke 7.9 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the sid parameter. | 7.5 |
2006-11-04 | CVE-2006-5720 | SQL Injection vulnerability in PHP-Nuke Journal Module Search.PHP SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter. | 7.5 |
2006-04-19 | CVE-2006-1847 | Input Validation vulnerability in Francisco Burzi PHP-Nuke 7.8 SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to execute arbitrary SQL commands via the user_id parameter in the Your_Home functionality. | 7.5 |
2006-02-28 | CVE-2006-0908 | SQL-Injection vulnerability in Francisco Burzi PHP-Nuke 7.8Patched3.2 PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL injection protection mechanisms via /%2a (/*) sequences with the "ad_click" word in the query string, as demonstrated via the kala parameter. | 7.5 |
2006-02-28 | CVE-2006-0907 | SQL-Injection vulnerability in Francisco Burzi PHP-Nuke 7.8 SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows remote attackers to execute arbitrary SQL commands via encoded /%2a (/*) sequences in the query string, which bypasses regular expressions that are intended to protect against SQL injection, as demonstrated via the kala parameter. | 7.5 |
2006-02-21 | CVE-2006-0805 | Unspecified vulnerability in Francisco Burzi PHP-Nuke The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying that pair in the random_num and gfx_check parameters. | 7.5 |