Vulnerabilities > Phpnuke
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-07 | CVE-2021-30177 | SQL Injection vulnerability in PHPnuke PHP-Nuke 8.3.3 There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. | 7.5 |
2014-06-02 | CVE-2014-3934 | SQL Injection vulnerability in PHPnuke PHP-Nuke and Submit News Module SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php. | 7.5 |
2012-02-14 | CVE-2010-5083 | SQL Injection vulnerability in PHPnuke PHP-Nuke and web Links Module SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php. | 7.5 |
2011-09-24 | CVE-2011-3784 | Information Exposure vulnerability in PHPnuke PHP-Nuke 8.0 Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files. | 5.0 |
2009-09-14 | CVE-2008-7226 | SQL Injection vulnerability in PHP-Nuke Recipe Module 1.3/1.4 SQL injection vulnerability in index.php in the Recipes module 1.3, 1.4, and possibly other versions for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the recipeid parameter. | 7.5 |
2009-08-24 | CVE-2008-7038 | SQL Injection vulnerability in Maxdev MY Egallery SQL injection vulnerability in the My_eGallery module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the gid parameter in a showgall action to modules.php. | 7.5 |
2009-07-14 | CVE-2008-6865 | SQL Injection vulnerability in PHP-Nuke Sections Module SQL injection vulnerability in modules.php in the Sectionsnew module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action. | 7.5 |
2009-06-01 | CVE-2009-1842 | SQL Injection vulnerability in PHPnuke PHP-Nuke 8.0 SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header. | 7.5 |
2009-05-01 | CVE-2008-6779 | SQL Injection vulnerability in PHPnuke Sarkilar Module SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a showcontent action to modules.php. | 7.5 |
2009-04-20 | CVE-2008-6728 | SQL Injection vulnerability in PHPnuke PHP-Nuke SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php. | 7.5 |