High

DATE	CVE	VULNERABILITY TITLE	RISK
2008-07-11	CVE-2008-3151	SQL Injection vulnerability in multiple products SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_dvd action. network low complexity phpnuke warpspeed CWE-89	7.5
2008-04-30	CVE-2008-2020	Use of Insufficiently Random Values vulnerability in multiple products The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings. network low complexity my123tkshop phpmybittorrent webze e107 labgab phpnuke torrentflux-project opendb CWE-330	7.5
2008-03-12	CVE-2008-1314	SQL Injection vulnerability in Johannes Hass Gaestebuch Module 2.2 SQL injection vulnerability in the Johannes Hass gaestebuch 2.2 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to modules.php. network low complexity johannes-hass phpnuke CWE-89	7.5
2008-03-12	CVE-2008-1308	SQL Injection vulnerability in Sudirman Angriawan Nukec30 3.0 SQL injection vulnerability in the Sudirman Angriawan NukeC30 3.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action to modules.php. network low complexity phpnuke sudirman-angriawan CWE-89	7.5
2008-03-10	CVE-2008-1220	SQL Injection vulnerability in PHPnuke 4Nchat 0.91 SQL injection vulnerability in the 4nChat 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the roomid parameter in an index action to modules.php. network low complexity phpnuke CWE-89	7.5
2008-02-27	CVE-2008-1053	SQL Injection vulnerability in PHPnuke Kose Yazilari Module Multiple SQL injection vulnerabilities in the Kose_Yazilari module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the artid parameter in a (1) viewarticle or (2) printpage action to modules.php. network low complexity phpnuke CWE-89	7.5
2008-02-21	CVE-2008-0881	SQL Injection vulnerability in PHPnuke Okul Module 1.0 SQL injection vulnerability in modules.php in the Okul 1.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the okulid parameter in an okullar action. network low complexity phpnuke CWE-89	7.5
2008-02-21	CVE-2008-0880	SQL Injection vulnerability in PHPnuke Easycontent Module SQL injection vulnerability in modules.php in the EasyContent module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the page_id parameter. network low complexity phpnuke CWE-89	7.5
2008-02-21	CVE-2008-0879	SQL Injection vulnerability in PHPnuke web Links Module SQL injection vulnerability in modules.php in the Web_Links module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewlink action. network low complexity phpnuke CWE-89	7.5
2008-02-19	CVE-2008-0827	SQL Injection vulnerability in PHPnuke Book SQL injection vulnerability in the Books module of PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter. network low complexity phpnuke CWE-89	7.5