Vulnerabilities > PHP Nuke
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-09-14 | CVE-2008-7226 | SQL Injection vulnerability in PHP-Nuke Recipe Module 1.3/1.4 SQL injection vulnerability in index.php in the Recipes module 1.3, 1.4, and possibly other versions for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the recipeid parameter. | 7.5 |
| 2009-07-14 | CVE-2008-6866 | SQL Injection vulnerability in PHP-Nuke Current Issue Module SQL injection vulnerability in modules.php in the Current_Issue module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a summary action. | 7.5 |
| 2009-07-14 | CVE-2008-6865 | SQL Injection vulnerability in PHP-Nuke Sections Module SQL injection vulnerability in modules.php in the Sectionsnew module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action. | 7.5 |
| 2009-01-27 | CVE-2009-0302 | SQL Injection vulnerability in PHP-Nuke Downloads Module 8.0 SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8.1.0.3.5b and earlier allows remote authenticated users to execute arbitrary SQL commands via the url parameter in the Add operation to modules.php. | 4.6 |
| 2008-11-12 | CVE-2008-5039 | Cross-Site Scripting vulnerability in PHP-Nuke League Module 2.4 Cross-site scripting (XSS) vulnerability in the League module for PHP-Nuke, possibly 2.4, allows remote attackers to inject arbitrary web script or HTML via the tid parameter in a team action to modules.php. | 4.3 |
| 2008-10-28 | CVE-2008-4767 | Improper Input Validation vulnerability in PHP-Nuke Downloadsplus Module Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. | 9.0 |
| 2008-08-10 | CVE-2008-3573 | Permissions, Privileges, and Access Controls vulnerability in multiple products The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francisco Burzi PHP-Nuke 8.1 provides a critical random number (the ts_random value) within the URL in the SRC attribute of an IMG element, which allows remote attackers to pass the CAPTCHA test via a calculation that combines this value with the current date and the HTTP User-Agent string. | 5.0 |
| 2008-08-07 | CVE-2008-3513 | SQL Injection vulnerability in PHP Nuke Basis Consultant Book Catalog 1.0 SQL injection vulnerability in the Book Catalog module 1.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to modules.php. | 7.5 |
| 2008-08-07 | CVE-2008-3512 | SQL Injection vulnerability in PHP Nuke Kleinanzeigen Module SQL injection vulnerability in the Kleinanzeigen module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a visit action to modules.php. | 7.5 |
| 2008-04-30 | CVE-2008-2020 | Permissions, Privileges, and Access Controls vulnerability in multiple products The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings. | 6.8 |