Vulnerabilities > PHP Nuke > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-10-28 | CVE-2008-4767 | Improper Input Validation vulnerability in PHP-Nuke Downloadsplus Module Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. | 9.0 |
| 2007-03-23 | CVE-2007-1626 | Remote File Include vulnerability in PHP-Nuke IFrame Module IFrame.PHP PHP remote file inclusion vulnerability in iframe.php in the iFrame Module for PHP-NUKE allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | 9.3 |