Vulnerabilities (CVE)

Filtered by vendor Francisco Burzi Subscribe
Filtered by product Php-nuke
Total 96 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-1839 1 Francisco Burzi 1 Php-nuke 2024-11-20 5.0 MEDIUM N/A
MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message.
CVE-2004-1830 1 Francisco Burzi 1 Php-nuke 2024-11-20 5.0 MEDIUM N/A
error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid (1) language, (2) newlang, or (3) lang parameter, which leaks the pathname in a PHP error message.
CVE-2004-1817 1 Francisco Burzi 1 Php-nuke 2024-11-20 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) search field.
CVE-2004-0738 1 Francisco Burzi 1 Php-nuke 2024-11-20 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the Search module in Php-Nuke allow remote attackers to execute arbitrary SQL via the (1) min or (2) categ parameters.
CVE-2004-0737 1 Francisco Burzi 1 Php-nuke 2024-11-20 7.5 HIGH N/A
Multiple cross-site scripting vulnerabilities in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) max, (3) sel1, (4) sel2, (5) sel3, (6) sel4, (7) sel5, (8) match, (9) mod1, (10) mod2, or (11) mod3 parameters.
CVE-2004-0736 1 Francisco Burzi 1 Php-nuke 2024-11-20 5.0 MEDIUM N/A
The search module in Php-Nuke allows remote attackers to gain sensitive information via the (1) "**" or (2) "+" search patterns, which reveals the path in an error message.
CVE-2004-0732 1 Francisco Burzi 1 Php-nuke 2024-11-20 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to execute arbitrary SQL statements via the instory parameter.
CVE-2004-0731 1 Francisco Burzi 1 Php-nuke 2024-11-20 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary script as other users via the input field.
CVE-2004-0269 1 Francisco Burzi 1 Php-nuke 2024-11-20 6.4 MEDIUM N/A
SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module.
CVE-2004-0266 1 Francisco Burzi 1 Php-nuke 2024-11-20 5.0 MEDIUM N/A
SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter.
CVE-2004-0265 1 Francisco Burzi 1 Php-nuke 2024-11-20 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other users via URL-encoded (1) title or (2) fname parameters in the News or Reviews modules.
CVE-2003-1547 1 Francisco Burzi 1 Php-nuke 2024-11-20 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter.
CVE-2003-1526 1 Francisco Burzi 1 Php-nuke 2024-11-20 5.0 MEDIUM N/A
PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message.
CVE-2003-1468 1 Francisco Burzi 1 Php-nuke 2024-11-20 4.3 MEDIUM N/A
The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message.
CVE-2003-1435 1 Francisco Burzi 1 Php-nuke 2024-11-20 7.5 HIGH N/A
SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module.
CVE-2003-1400 1 Francisco Burzi 1 Php-nuke 2024-11-20 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter.
CVE-2003-1210 1 Francisco Burzi 1 Php-nuke 2024-11-20 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function.
CVE-2003-0318 1 Francisco Burzi 1 Php-nuke 2024-11-20 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and earlier allows remote attackers to insert arbitrary web script via the year parameter.
CVE-2003-0279 1 Francisco Burzi 1 Php-nuke 2024-11-20 2.6 LOW N/A
Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php.
CVE-2002-2032 1 Francisco Burzi 1 Php-nuke 2024-11-20 5.0 MEDIUM N/A
sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query information by setting the sql_debug parameter to (1) index.php and (2) modules.php.