Vulnerabilities > Phpnuke
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2014-06-02 | CVE-2014-3934 | SQL Injection vulnerability in PHPnuke PHP-Nuke and Submit News Module | SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php. | 7.5 |
2012-02-14 | CVE-2010-5083 | SQL Injection vulnerability in PHPnuke PHP-Nuke and web Links Module | SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php. | 7.5 |
2011-09-24 | CVE-2011-3784 | Information Exposure vulnerability in PHPnuke PHP-Nuke 8.0 | Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain other files. | 5.0 |
2011-06-21 | CVE-2011-1482 | Cross-Site Request Forgery (CSRF) vulnerability in PHPnuke PHP-Nuke | Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a Referer check that uses a substring comparison. | 6.8 |
2011-06-21 | CVE-2011-1481 | Cross-Site Scripting vulnerability in PHPnuke PHP-Nuke | Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sender_name or (2) sender_email parameter in a Feedback action to modules.php. | 4.3 |
2011-06-21 | CVE-2011-1480 | SQL Injection vulnerability in PHPnuke PHP-Nuke | SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter. | 7.5 |
2009-09-14 | CVE-2008-7226 | SQL Injection vulnerability in PHP-Nuke Recipe Module 1.3/1.4 | SQL injection vulnerability in index.php in the Recipes module 1.3, 1.4, and possibly other versions for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the recipeid parameter. | 7.5 |
2009-08-24 | CVE-2008-7038 | SQL Injection vulnerability in Maxdev MY Egallery | SQL injection vulnerability in the My_eGallery module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the gid parameter in a showgall action to modules.php. | 7.5 |
2009-07-14 | CVE-2008-6865 | SQL Injection vulnerability in PHP-Nuke Sections Module | SQL injection vulnerability in modules.php in the Sectionsnew module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action. | 7.5 |
2009-06-01 | CVE-2009-1842 | SQL Injection vulnerability in PHPnuke PHP-Nuke 8.0 | SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header. | 7.5 |