Vulnerabilities > Phpnuke > PHP Nuke

DATE CVE VULNERABILITY TITLE RISK
2006-10-25 CVE-2006-5494 Code Injection vulnerability in PHPnuke PHP-Nuke 8.0
Multiple PHP remote file inclusion vulnerabilities in modules/My_eGallery/public/displayCategory.php in the pandaBB module for PHP-Nuke allow remote attackers to execute arbitrary PHP code via a URL in the (1) adminpath or (2) basepath parameters.
network
low complexity
phpnuke CWE-94
7.5
2005-05-02 CVE-2005-1028 Information Exposure vulnerability in PHPnuke PHP-Nuke
PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message.
network
low complexity
phpnuke CWE-200
5.0
2004-12-31 CVE-2004-1842 Cross-Site Request Forgery (CSRF) vulnerability in PHPnuke PHP-Nuke
Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php.
network
low complexity
phpnuke CWE-352
8.8
2003-12-31 CVE-2003-1340 SQL Injection vulnerability in PHPnuke PHP-Nuke 5.6/6.5
Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279.
network
low complexity
phpnuke CWE-89
6.5
2001-11-16 CVE-2001-0899 Network Tools 0.2 for PHP-Nuke allows remote attackers to execute commands on the server via shell metacharacters in the $hostinput variable.
network
low complexity
phpnuke rick-fournier
7.5