Francisco Burzi Php-nuke — known CVE vulnerabilities
Every CVE whose affected-product data names Francisco Burzi Php-nuke, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (94)
CVE-2001-1025 — CVSS 10.0 (critical): PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that…
CVE-2005-3016 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke before 7.9 Final have unknown impact and attack vectors.
CVE-2001-0320 — CVSS 10.0 (critical): bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote attackers to read arbitrary files and gain PHP administrator privileges by…
CVE-2004-1989 — CVSS 7.5 (high): PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP…
CVE-2002-1242 — CVSS 7.5 (high): SQL injection vulnerability in PHP-Nuke before 6.0 allows remote authenticated users to modify the database and gain privileges via the…
CVE-2005-4715 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, when magic_quotes_gpc is disabled, allow remote attackers to execute…
CVE-2004-2018 — CVSS 7.5 (high): PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x through 7.3 allows remote attackers to execute arbitrary PHP code by…
CVE-2005-3792 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in the Search module in PHP-Nuke 7.8, and possibly other versions before 7.9 with patch 3.1, allows…
CVE-2004-2044 — CVSS 7.5 (high): PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke…
CVE-2005-3304 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1)…
CVE-2000-0745 — CVSS 7.5 (high): admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke administrator password, which allows remote attackers to gain privileges by…
CVE-2001-0292 — CVSS 7.5 (high): PHP-Nuke 4.4.1a allows remote attackers to modify a user's email address and obtain the password by guessing the user id (UID) and calling…
CVE-2006-0805 — CVSS 7.5 (high): The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User…
CVE-2004-1987 — CVSS 7.5 (high): picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to execute…
CVE-2004-1988 — CVSS 7.5 (high): PHP remote file inclusion vulnerability in init.inc.php in Coppermine Photo Gallery 1.2.0 RC4 allows remote attackers to execute arbitrary…
CVE-2004-1914 — CVSS 7.5 (high): SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to execute arbitrary SQL…
CVE-2004-1929 — CVSS 7.5 (high): SQL injection vulnerability in the bblogin function in functions.php in PHP-Nuke 6.x through 7.2 allows remote attackers to bypass…
CVE-2006-0907 — CVSS 7.5 (high): SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows remote attackers to execute arbitrary SQL commands via encoded /%2a…
CVE-2004-1932 — CVSS 7.5 (high): SQL injection vulnerability in (1) auth.php and (2) admin.php in PHP-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL…
CVE-2004-1972 — CVSS 7.5 (high): SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to execute arbitrary SQL…
CVE-2002-0206 — CVSS 7.5 (high): index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute…
CVE-2001-0001 — CVSS 7.5 (high): cookiedecode function in PHP-Nuke 4.4 allows users to bypass authentication and gain access to other user accounts by extracting the…
CVE-2005-0999 — CVSS 7.5 (high): SQL injection vulnerability in the Top module for PHP-Nuke 6.x through 7.6 allows remote attackers to execute arbitrary SQL commands via…
CVE-2007-0372 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 allow remote attackers to execute arbitrary SQL commands via (1) the…
CVE-2005-0997 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 7.6 allow remote attackers to execute arbitrary SQL commands…
CVE-2003-1210 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL…
CVE-2007-0309 — CVSS 7.5 (high): SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled…
CVE-2003-1435 — CVSS 7.5 (high): SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the…
CVE-2006-6234 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in the Content module in PHP-Nuke 6.0, and possibly other versions, allow remote attackers to…
CVE-2006-6200 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in the (1) rate_article and (2) rate_complete functions in modules/News/index.php in the News module…
CVE-2001-0911 — CVSS 7.5 (high): PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by…
CVE-2004-0732 — CVSS 7.5 (high): SQL injection vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to execute arbitrary SQL statements via…
CVE-2004-0737 — CVSS 7.5 (high): Multiple cross-site scripting vulnerabilities in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary…
CVE-2004-0738 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in the Search module in Php-Nuke allow remote attackers to execute arbitrary SQL via the (1) min or…
CVE-2006-5720 — CVSS 7.5 (high): SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote…
CVE-2001-1032 — CVSS 7.5 (high): admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers…
CVE-2006-1847 — CVSS 7.5 (high): SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to execute arbitrary SQL commands via…
CVE-2007-6376 — CVSS 7.5 (high): Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary…
CVE-2006-0908 — CVSS 7.5 (high): PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL injection protection mechanisms via /%2a (/*) sequences with the "ad_click"…
CVE-2008-0461 — CVSS 6.8 (medium): SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows…
CVE-2004-0731 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary script…
CVE-2004-2354 — CVSS 6.8 (medium): SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 through 6.9 allows remote attackers to modify SQL statements via the entry…
CVE-2007-1061 — CVSS 6.8 (medium): SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" block is enabled…
CVE-2004-0265 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other…
CVE-2004-0269 — CVSS 6.4 (medium): SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain…
CVE-2007-5032 — CVSS 5.1 (medium): Cross-site request forgery (CSRF) vulnerability in admin.php in Francisco Burzi PHP-Nuke allows remote attackers to add administrative…
CVE-2004-2296 — CVSS 5.0 (medium): The preview_review function in the Reviews module in PHP-Nuke 6.0 to 7.3, when running on Windows systems, allows remote attackers to…
CVE-2001-0321 — CVSS 5.0 (medium): opendir.php script in PHP-Nuke allows remote attackers to read arbitrary files by specifying the filename as an argument to the requesturl…
CVE-2001-0383 — CVSS 5.0 (medium): banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to modify banner ad URLs by directly calling the Change operation, which…
CVE-2001-0854 — CVSS 5.0 (medium): PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary files by calling case.filemanager.php with admin.php as an argument…
CVE-2002-0483 — CVSS 5.0 (medium): index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter…
CVE-2002-2032 — CVSS 5.0 (medium): sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query…
CVE-2003-1526 — CVSS 5.0 (medium): PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search…
CVE-2004-0266 — CVSS 5.0 (medium): SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain…
CVE-2004-0736 — CVSS 5.0 (medium): The search module in Php-Nuke allows remote attackers to gain sensitive information via the (1) "**" or (2) "+" search patterns, which…
CVE-2004-1830 — CVSS 5.0 (medium): error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid (1) language, (2)…
CVE-2004-1839 — CVSS 5.0 (medium): MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2)…
CVE-2004-1912 — CVSS 5.0 (medium): The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, (4) block-Calendar_center.php scripts in NukeCalendar 1.1.a, as used…
CVE-2004-1984 — CVSS 5.0 (medium): Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to (1)…
CVE-2004-1986 — CVSS 5.0 (medium): Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with…
CVE-2004-1998 — CVSS 5.0 (medium): The Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to gain sensitive information via an invalid show parameter to…
CVE-2004-2019 — CVSS 5.0 (medium): The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter…
CVE-2004-2297 — CVSS 5.0 (medium): The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large…
CVE-2005-0433 — CVSS 5.0 (medium): Php-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or missing arguments to (1) db.php, (2)…
CVE-2005-0996 — CVSS 5.0 (medium): Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or…
CVE-2005-0998 — CVSS 5.0 (medium): The Web_Links module for PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via an invalid show parameter, which triggers…
CVE-2005-1001 — CVSS 5.0 (medium): PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via direct requests to (1) the Surveys module with the file parameter…
CVE-2005-1024 — CVSS 5.0 (medium): modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) my_headlines, (2)…
CVE-2005-1180 — CVSS 5.0 (medium): HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuke 7.6 allows remote attackers to spoof web content and poison web…
CVE-2005-1386 — CVSS 5.0 (medium): PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) ipban.php, (2) db.php, (3)…
CVE-2005-1023 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to 7.6 allow remote attackers to inject arbitrary web script or HTML…
CVE-2005-1027 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or…
CVE-2001-1524 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via…
CVE-2001-1522 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attackers to inject arbitrary web script or…
CVE-2004-2294 — CVSS 4.3 (medium): Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to…
CVE-2004-2293 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML…
CVE-2004-2020 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web…
CVE-2005-4260 — CVSS 4.3 (medium): Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS)…
CVE-2004-1999 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to inject arbitrary…
CVE-2006-0676 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 to 7.8 allows remote attackers to inject arbitrary web script or…
CVE-2004-1985 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to inject arbitrary…
CVE-2004-1930 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used…
CVE-2004-1913 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to inject…
CVE-2006-1846 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to inject arbitrary HTML…
CVE-2004-1840 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to inject arbitrary web…
CVE-2004-1817 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML…
CVE-2003-1547 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject…
CVE-2003-1468 — CVSS 4.3 (medium): The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid…
CVE-2003-1400 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject…
CVE-2003-0318 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and earlier allows remote attackers to insert arbitrary…
CVE-2005-0434 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 allow remote attackers to inject arbitrary HTML or web script via (1)…
CVE-2005-1000 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1)…
CVE-2002-1803 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in…
CVE-2003-0279 — CVSS 2.6 (low): Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive…