Phpnuke Php-nuke
30 CVEs affecting Phpnuke Php-nuke. Latest disclosed: 2021-04-07. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-30177 | Critical | 9.8 | 2021-04-07 | There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state… |
CVE-2004-1842 | High | 8.8 | 2004-12-31 | Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a U… |
CVE-2008-2020 | High | 7.5 | 2008-04-30 | The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2… |
CVE-2014-3934 | | 2014-06-02 | SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to… | |
CVE-2010-5083 | | 2012-02-14 | SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add… | |
CVE-2011-3784 | | 2011-09-24 | Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path i… | |
CVE-2011-1482 | | 2011-06-21 | Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the aut… | |
CVE-2011-1481 | | 2011-06-21 | Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML v… | |
CVE-2011-1480 | | 2011-06-21 | SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary… | |
CVE-2008-7226 | | 2009-09-14 | SQL injection vulnerability in index.php in the Recipes module 1.3, 1.4, and possibly other versions for PHP-Nuke allows remote attackers to execute arbitrary… | |
CVE-2008-7038 | | 2009-08-24 | SQL injection vulnerability in the My_eGallery module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the gid parameter in a showgal… | |
CVE-2008-6865 | | 2009-07-14 | SQL injection vulnerability in modules.php in the Sectionsnew module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid param… | |
CVE-2009-1842 | | 2009-06-01 | SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP… | |
CVE-2008-6779 | | 2009-05-01 | SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a showcontent… | |
CVE-2008-6728 | | 2009-04-20 | SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid pa… | |
CVE-2008-5039 | | 2008-11-12 | Cross-site scripting (XSS) vulnerability in the League module for PHP-Nuke, possibly 2.4, allows remote attackers to inject arbitrary web script or HTML via th… | |
CVE-2008-4804 | | 2008-10-31 | SQL injection vulnerability in the Gallery module 1.3 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the aid parameter in a showalb… | |
CVE-2008-4767 | | 2008-10-28 | Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1)… | |
CVE-2008-1314 | | 2008-03-12 | SQL injection vulnerability in the Johannes Hass gaestebuch 2.2 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parame… | |
CVE-2008-1308 | | 2008-03-12 | SQL injection vulnerability in the Sudirman Angriawan NukeC30 3.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg… |