Vulnerabilities > Phpnuke > PHP Nuke
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-10-25 | CVE-2006-5494 | Code Injection vulnerability in PHPnuke PHP-Nuke 8.0 Multiple PHP remote file inclusion vulnerabilities in modules/My_eGallery/public/displayCategory.php in the pandaBB module for PHP-Nuke allow remote attackers to execute arbitrary PHP code via a URL in the (1) adminpath or (2) basepath parameters. | 7.5 |
2005-05-02 | CVE-2005-1028 | Information Exposure vulnerability in PHPnuke PHP-Nuke PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message. | 5.0 |
2004-12-31 | CVE-2004-1842 | Cross-Site Request Forgery (CSRF) vulnerability in PHPnuke PHP-Nuke Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php. | 8.8 |
2003-12-31 | CVE-2003-1340 | SQL Injection vulnerability in PHPnuke PHP-Nuke 5.6/6.5 Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279. | 6.5 |
2001-11-16 | CVE-2001-0899 | Network Tools 0.2 for PHP-Nuke allows remote attackers to execute commands on the server via shell metacharacters in the $hostinput variable. | 7.5 |