Vulnerabilities > Phpnuke

DATE CVE VULNERABILITY TITLE RISK
2004-12-31 CVE-2004-1842 Cross-Site Request Forgery (CSRF) vulnerability in PHPnuke PHP-Nuke
Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php.
network
low complexity
phpnuke CWE-352
8.8
2003-12-31 CVE-2003-1545 Path Traversal vulnerability in multiple products
Absolute path traversal vulnerability in nukestyles.com viewpage.php addon for PHP-Nuke allows remote attackers to read arbitrary files via a full pathname in the file parameter.
network
low complexity
nukestyles phpnuke CWE-22
5.0
2003-12-31 CVE-2003-1340 SQL Injection vulnerability in PHPnuke PHP-Nuke 5.6/6.5
Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279.
network
low complexity
phpnuke CWE-89
6.5
2001-11-16 CVE-2001-0899 Network Tools 0.2 for PHP-Nuke allows remote attackers to execute commands on the server via shell metacharacters in the $hostinput variable.
network
low complexity
phpnuke rick-fournier
7.5