Francisco Burzi : Security Vulnerabilities, CVEs, Published In 2006 (Sql injection)
Multiple SQL injection vulnerabilities in the Content module in PHP-Nuke 6.0, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in a list_pages_categories action or (2) the pid parameter in a showpage action.
Max CVSS
7.5
EPSS Score
0.21%
Published
2006-12-02
Updated
2018-10-17
Multiple SQL injection vulnerabilities in the (1) rate_article and (2) rate_complete functions in modules/News/index.php in the News module in Francisco Burzi PHP-Nuke 7.9 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the sid parameter.
Max CVSS
7.5
EPSS Score
0.89%
Published
2006-12-01
Updated
2018-10-17
SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter.
Max CVSS
7.5
EPSS Score
6.41%
Published
2006-11-04
Updated
2018-10-17
SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to execute arbitrary SQL commands via the user_id parameter in the Your_Home functionality. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
0.59%
Published
2006-04-19
Updated
2017-07-20
PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL injection protection mechanisms via /%2a (/*) sequences with the "ad_click" word in the query string, as demonstrated via the kala parameter.
Max CVSS
7.5
EPSS Score
0.43%
Published
2006-02-28
Updated
2018-10-18
SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows remote attackers to execute arbitrary SQL commands via encoded /%2a (/*) sequences in the query string, which bypasses regular expressions that are intended to protect against SQL injection, as demonstrated via the kala parameter.
Max CVSS
7.5
EPSS Score
0.16%
Published
2006-02-28
Updated
2018-10-18
SQL injection vulnerability in index.php in the Your_Account module in PHP-Nuke 7.8 and earlier allows remote attackers to execute arbitrary SQL commands via the username variable (Nickname field).
Max CVSS
7.5
EPSS Score
7.86%
Published
2006-02-16
Updated
2018-10-19
SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by the search field. NOTE: This is a different vulnerability than CVE-2005-3792.
Max CVSS
7.5
EPSS Score
0.76%
Published
2006-01-11
Updated
2017-07-20
8 vulnerabilities found