Php-nuke : Security Vulnerabilities, CVEs, CVSS score >= 7
SQL injection vulnerability in index.php in the Recipes module 1.3, 1.4, and possibly other versions for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the recipeid parameter.
Max CVSS
7.5
EPSS Score
0.06%
Published
2009-09-14
Updated
2019-07-01
SQL injection vulnerability in modules.php in the Current_Issue module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a summary action.
Max CVSS
7.5
EPSS Score
0.13%
Published
2009-07-14
Updated
2018-10-11
SQL injection vulnerability in modules.php in the Sectionsnew module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action.
Max CVSS
7.5
EPSS Score
0.13%
Published
2009-07-14
Updated
2019-07-01
Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: it is unclear how allowing the upload of .html or .txt files supports arbitrary code execution; this might be legitimate functionality.
Max CVSS
9.0
EPSS Score
0.94%
Published
2008-10-28
Updated
2019-07-01
SQL injection vulnerability in the ZClassifieds module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter to modules.php.
Max CVSS
7.5
EPSS Score
0.09%
Published
2008-03-13
Updated
2018-10-11
SQL injection vulnerability in Hadith module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter in a viewcat action to modules.php.
Max CVSS
7.5
EPSS Score
0.23%
Published
2008-03-12
Updated
2018-10-11
SQL injection vulnerability in modules.php in the NukeC 2.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action.
Max CVSS
7.5
EPSS Score
0.07%
Published
2008-02-25
Updated
2017-09-29
SQL injection vulnerability in the Manuales 0.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewdownload action to modules.php.
Max CVSS
7.5
EPSS Score
0.11%
Published
2008-02-22
Updated
2017-09-29
SQL injection vulnerability in the Inhalt module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter.
Max CVSS
7.5
EPSS Score
0.07%
Published
2008-02-22
Updated
2017-09-29
SQL injection vulnerability in the Docum module in PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle operation.
Max CVSS
7.5
EPSS Score
0.06%
Published
2008-02-22
Updated
2017-09-29
PHP remote file inclusion vulnerability in iframe.php in the iFrame Module for PHP-NUKE allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
Max CVSS
9.3
EPSS Score
4.81%
Published
2007-03-23
Updated
2017-10-11
SQL injection vulnerability in the category file in modules.php in the Emporium 2.3.0 and earlier module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
Max CVSS
7.5
EPSS Score
0.27%
Published
2007-02-21
Updated
2018-10-19
PHP remote file inclusion vulnerability in formdisp.php in the Mermaid 1.2 module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the module_name parameter.
Max CVSS
7.5
EPSS Score
0.61%
Published
2006-12-01
Updated
2018-10-17
SQL injection vulnerability in the Nuke Advanced Classifieds module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_ads parameter in an EditAds op.
Max CVSS
7.5
EPSS Score
0.18%
Published
2006-07-18
Updated
2018-10-18
SQL injection vulnerability in the Sections module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle op.
Max CVSS
7.5
EPSS Score
0.31%
Published
2006-07-18
Updated
2018-10-18
15 vulnerabilities found