Vulnerabilities > Francisco Burzi > PHP Nuke > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2005-12-31 | CVE-2005-4715 | SQL-Injection vulnerability in Francisco Burzi PHP-Nuke 7.8 | Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) sid, and (3) pid parameters in a POST request, which bypasses security checks that are performed for GET requests. | 7.5 |
2005-11-24 | CVE-2005-3792 | SQL Injection vulnerability in PHPNuke Search Module | Multiple SQL injection vulnerabilities in the Search module in PHP-Nuke 7.8, and possibly other versions before 7.9 with patch 3.1, allow remote attackers to execute arbitrary SQL commands, as demonstrated via the query parameter in a stories type. | 7.5 |
2005-10-26 | CVE-2005-3304 | Modules SQL Injection vulnerability in Francisco Burzi PHP-Nuke 7.8 | Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the Web_Links module. | 7.5 |
2005-05-02 | CVE-2005-0999 | Unspecified vulnerability in Francisco Burzi PHP-Nuke | SQL injection vulnerability in the Top module for PHP-Nuke 6.x through 7.6 allows remote attackers to execute arbitrary SQL commands via the querylang parameter. | 7.5 |
2005-05-02 | CVE-2005-0997 | Unspecified vulnerability in Francisco Burzi PHP-Nuke 7.6 | Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the email or url parameters in the Add function, (2) the url parameter in the modifylinkrequestS function, (3) the orderby or min parameters in the viewlink function, (4) the orderby, min, or show parameters in the search function, or (5) the ratenum parameter in the MostPopular function. | 7.5 |
2004-12-31 | CVE-2004-2295 | Input Validation vulnerability in PHP-Nuke | SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to execute arbitrary SQL commands via the order parameter. | 7.5 |
2004-12-31 | CVE-2004-2018 | Unspecified vulnerability in Francisco Burzi PHP-Nuke | PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x through 7.3 allows remote attackers to execute arbitrary PHP code by modifying the modpath parameter to reference a URL on a remote web server that contains the code. | 7.5 |
2004-12-31 | CVE-2004-1914 | Multiple vulnerability in NukeCalendar | SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to execute arbitrary SQL commands via the eid parameter. | 7.5 |
2004-07-27 | CVE-2004-0738 | SQL-Injection vulnerability in Francisco Burzi PHP-Nuke 8.0Final | Multiple SQL injection vulnerabilities in the Search module in Php-Nuke allow remote attackers to execute arbitrary SQL via the (1) min or (2) categ parameters. | 7.5 |
2004-07-27 | CVE-2004-0737 | Cross-Site Scripting vulnerability in Francisco Burzi PHP-Nuke 8.0Final | Multiple cross-site scripting vulnerabilities in index.php in the Search module for Php-Nuke allow remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) max, (3) sel1, (4) sel2, (5) sel3, (6) sel4, (7) sel5, (8) match, (9) mod1, (10) mod2, or (11) mod3 parameters. | 7.5 |