Vulnerabilities > Nucleuscms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-20 | CVE-2020-21474 | Unrestricted Upload of File with Dangerous Type vulnerability in Nucleuscms 3.71 File Upload vulnerability in NucleusCMS v.3.71 allows a remote attacker to execute arbitrary code via the /nucleus/plugins/skinfiles/?dir=rsd parameter. | 9.8 |
| 2022-06-30 | CVE-2021-37770 | Unrestricted Upload of File with Dangerous Type vulnerability in Nucleuscms Nucleus CMS 3.71 Nucleus CMS v3.71 is affected by a file upload vulnerability. | 6.5 |
| 2018-12-10 | CVE-2018-16636 | Cross-site Scripting vulnerability in Nucleuscms Nucleus CMS 3.70 Nucleus CMS 3.70 allows HTML Injection via the index.php body parameter. | 4.0 |
| 2015-07-08 | CVE-2015-5454 | Cross-site Scripting vulnerability in Nucleuscms Nucleus CMS 3.65/3.70 Cross-site scripting (XSS) vulnerability in Nucleus CMS allows remote attackers to inject arbitrary web script or HTML via the title parameter when adding a new item. | 4.3 |
| 2011-11-02 | CVE-2010-5041 | SQL Injection vulnerability in John Bradshaw NP Gallery Plugin 0.94 SQL injection vulnerability in index.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary SQL commands via the id parameter in a plugin action. | 7.5 |
| 2011-11-02 | CVE-2010-5040 | Code Injection vulnerability in John Bradshaw NP Gallery Plugin 0.94 PHP remote file inclusion vulnerability in nucleus/plugins/NP_gallery.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary PHP code via a URL in the DIR_NUCLEUS parameter. | 6.8 |
| 2011-09-24 | CVE-2011-3760 | Information Exposure vulnerability in Nucleuscms Nucleus CMS 3.61 Nucleus 3.61 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/api_nucleus.inc.php and certain other files. | 5.0 |