Vulnerabilities > Phpnuke

DATE CVE VULNERABILITY TITLE RISK
2021-04-07 CVE-2021-30177 SQL Injection vulnerability in PHPnuke PHP-Nuke 8.3.3
There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution.
network
low complexity
phpnuke CWE-89
7.5
2014-06-02 CVE-2014-3934 SQL Injection vulnerability in PHPnuke PHP-Nuke and Submit News Module
SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php.
network
low complexity
phpnuke CWE-89
7.5
2012-02-14 CVE-2010-5083 SQL Injection vulnerability in PHPnuke PHP-Nuke and web Links Module
SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php.
network
low complexity
phpnuke CWE-89
7.5
2011-09-24 CVE-2011-3784 Information Exposure vulnerability in PHPnuke PHP-Nuke 8.0
Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files.
network
low complexity
phpnuke CWE-200
5.0
2011-06-21 CVE-2011-1480 SQL Injection vulnerability in PHPnuke PHP-Nuke
SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter.
network
low complexity
phpnuke CWE-89
7.5
2011-06-21 CVE-2011-1481 Cross-Site Scripting vulnerability in PHPnuke PHP-Nuke
Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sender_name or (2) sender_email parameter in a Feedback action to modules.php.
network
phpnuke CWE-79
4.3
2011-06-21 CVE-2011-1482 Cross-Site Request Forgery (CSRF) vulnerability in PHPnuke PHP-Nuke
Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a Referer check that uses a substring comparison.
network
phpnuke CWE-352
6.8
2009-09-14 CVE-2008-7226 SQL Injection vulnerability in PHP-Nuke Recipe Module 1.3/1.4
SQL injection vulnerability in index.php in the Recipes module 1.3, 1.4, and possibly other versions for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the recipeid parameter.
network
low complexity
php-nuke phpnuke CWE-89
7.5
2009-08-24 CVE-2008-7038 SQL Injection vulnerability in Maxdev MY Egallery
SQL injection vulnerability in the My_eGallery module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the gid parameter in a showgall action to modules.php.
network
low complexity
phpnuke maxdev CWE-89
7.5
2009-07-14 CVE-2008-6865 SQL Injection vulnerability in PHP-Nuke Sections Module
SQL injection vulnerability in modules.php in the Sectionsnew module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action.
network
low complexity
php-nuke phpnuke CWE-89
7.5