Vulnerabilities > Phpnuke

DATE | CVE | VULNERABILITY TITLE | RISK

2008-11-12 | CVE-2008-5039 | Cross-Site Scripting vulnerability in PHP-Nuke League Module 2.4 | 4.3
Cross-site scripting (XSS) vulnerability in the League module for PHP-Nuke, possibly 2.4, allows remote attackers to inject arbitrary web script or HTML via the tid parameter in a team action to modules.php.

2008-10-31 | CVE-2008-4804 | SQL Injection vulnerability in Nukedgallery Gallery | 7.5
SQL injection vulnerability in the Gallery module 1.3 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the aid parameter in a showalbum action to index.php.
network, low complexity | nukedgallery phpnuke | CWE-89

2008-10-28 | CVE-2008-4767 | Improper Input Validation vulnerability in PHP-Nuke Downloadsplus Module | 9.0 (critical)
Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file.
network, low complexity | phpnuke php-nuke | CWE-20

2008-07-11 | CVE-2008-3151 | SQL Injection vulnerability in multiple products | 7.5
SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_dvd action.
network, low complexity | phpnuke warpspeed | CWE-89

2008-04-30 | CVE-2008-2020 | Use of Insufficiently Random Values vulnerability in multiple products | 7.5
The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings.

2008-03-12 | CVE-2008-1314 | SQL Injection vulnerability in Johannes Hass Gaestebuch Module 2.2 | 7.5
SQL injection vulnerability in the Johannes Hass gaestebuch 2.2 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to modules.php.
network, low complexity | johannes-hass phpnuke | CWE-89

2008-03-12 | CVE-2008-1308 | SQL Injection vulnerability in Sudirman Angriawan Nukec30 3.0 | 7.5
SQL injection vulnerability in the Sudirman Angriawan NukeC30 3.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action to modules.php.
network, low complexity | phpnuke sudirman-angriawan | CWE-89

2008-03-10 | CVE-2008-1220 | SQL Injection vulnerability in PHPnuke 4Nchat 0.91 | 7.5
SQL injection vulnerability in the 4nChat 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the roomid parameter in an index action to modules.php.
network, low complexity | phpnuke | CWE-89

2008-02-27 | CVE-2008-1053 | SQL Injection vulnerability in PHPnuke Kose Yazilari Module | 7.5
Multiple SQL injection vulnerabilities in the Kose_Yazilari module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the artid parameter in a (1) viewarticle or (2) printpage action to modules.php.
network, low complexity | phpnuke | CWE-89

2008-02-21 | CVE-2008-0881 | SQL Injection vulnerability in PHPnuke Okul Module 1.0 | 7.5
SQL injection vulnerability in modules.php in the Okul 1.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the okulid parameter in an okullar action.
network, low complexity | phpnuke | CWE-89