Vulnerabilities > Francisco Burzi > PHP Nuke > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2003-12-31 | CVE-2003-1210 | Downloads Module SQL Injection vulnerability in PHP-Nuke: Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function. | 7.5 |
2002-11-12 | CVE-2002-1242 | SQL Injection vulnerability in Francisco Burzi PHP-Nuke 5.6: SQL injection vulnerability in PHP-Nuke before 6.0 allows remote authenticated users to modify the database and gain privileges via the "bio" argument to modules.php. | 7.5 |
2002-05-16 | CVE-2002-0206 | Remote Arbitrary File Include vulnerability in PHPNuke: index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter. | 7.5 |
2001-11-21 | CVE-2001-0911 | PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it. | 7.5 |
2001-09-24 | CVE-2001-1032 | Remote File Copy vulnerability in PHPNuke: admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and specifying the file to copy. | 7.5 |
2001-06-02 | CVE-2001-0001 | Unspecified vulnerability in Francisco Burzi PHP-Nuke 4.4: cookiedecode function in PHP-Nuke 4.4 allows users to bypass authentication and gain access to other user accounts by extracting the authentication information from a cookie. | 7.5 |
2001-05-03 | CVE-2001-0292 | Remote Security vulnerability in Francisco Burzi PHP-Nuke 4.4.1A: PHP-Nuke 4.4.1a allows remote attackers to modify a user's email address and obtain the password by guessing the user id (UID) and calling user.php with the saveuser operator. | 7.5 |
2000-10-20 | CVE-2000-0745 | Unspecified vulnerability in Francisco Burzi PHP-Nuke 1.0/2.5: admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke administrator password, which allows remote attackers to gain privileges by requesting a URL that does not specify the aid or pwd parameter. | 7.5 |