Every CVE whose affected-product data names Phpnuke Php-nuke, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (21)
CVE-2021-30177 — CVSS 9.8 (critical): There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs…
CVE-2004-1842 — CVSS 8.8 (high): Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via…
CVE-2001-0899 — CVSS 7.5 (high): Network Tools 0.2 for PHP-Nuke allows remote attackers to execute commands on the server via shell metacharacters in the $hostinput…
CVE-2006-5494 — CVSS 7.5 (high): Multiple PHP remote file inclusion vulnerabilities in modules/My_eGallery/public/displayCategory.php in the pandaBB module for PHP-Nuke…
CVE-2007-1450 — CVSS 7.5 (high): SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands in the…
CVE-2008-2020 — CVSS 7.5 (high): The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3)…
CVE-2008-6728 — CVSS 7.5 (high): SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL…
CVE-2009-1842 — CVSS 7.5 (high): SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL…
CVE-2010-5083 — CVSS 7.5 (high): SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url…
CVE-2011-1480 — CVSS 7.5 (high): SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers…
CVE-2014-3934 — CVSS 7.5 (high): SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the…
CVE-2011-1482 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote…
CVE-2007-1520 — CVSS 6.8 (medium): The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before…
CVE-2003-1340 — CVSS 6.5 (medium): Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL…
CVE-2006-5525 — CVSS 5.1 (medium): Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via…
CVE-2011-3784 — CVSS 5.0 (medium): Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the…
CVE-2005-1028 — CVSS 5.0 (medium): PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin…
CVE-2007-4212 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the Search Module in PHP-Nuke allow remote attackers to inject arbitrary web script…
CVE-2011-1481 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary…
CVE-2007-1449 — CVSS 4.3 (medium): Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to read arbitrary files via a .. (dot…
CVE-2007-1519 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 8.0 and earlier allows remote attackers to inject arbitrary web script…