Show filters
38 Total Results
Displaying 31-38 of 38
Sort by:
Attacker Value
Unknown
CVE-2004-1932
Disclosure Date: April 12, 2004 (last updated February 22, 2025)
SQL injection vulnerability in (1) auth.php and (2) admin.php in PHP-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL code and create an administrator account via base64-encoded SQL in the admin parameter.
0
Attacker Value
Unknown
CVE-2004-1930
Disclosure Date: April 12, 2004 (last updated February 22, 2025)
Cross-site scripting (XSS) vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie.
0
Attacker Value
Unknown
CVE-2004-1840
Disclosure Date: March 22, 2004 (last updated February 22, 2025)
Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) screen parameter to modules.php, (2) module_name parameter to title.php, (3) sortby parameter to modules.php, or (4) overview parameter to modules.php.
0
Attacker Value
Unknown
CVE-2004-1839
Disclosure Date: March 22, 2004 (last updated February 22, 2025)
MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message.
0
Attacker Value
Unknown
CVE-2003-1547
Disclosure Date: December 31, 2003 (last updated February 22, 2025)
Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter.
0
Attacker Value
Unknown
CVE-2003-1210
Disclosure Date: December 31, 2003 (last updated February 22, 2025)
Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function.
0
Attacker Value
Unknown
CVE-2003-1340
Disclosure Date: December 31, 2003 (last updated February 22, 2025)
Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279.
0
Attacker Value
Unknown
CVE-2003-1468
Disclosure Date: December 31, 2003 (last updated February 22, 2025)
The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message.
0
