Francisco Burzi » Php-nuke » 7.0_final : Security Vulnerabilities, CVEs, Published In 2006

cpe:2.3:a:francisco_burzi:php-nuke:7.0_final:*:*:*:*:*:*:*

CVE-2006-6200

Multiple SQL injection vulnerabilities in the (1) rate_article and (2) rate_complete functions in modules/News/index.php in the News module in Francisco Burzi PHP-Nuke 7.9 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the sid parameter.
Max CVSS
7.5
EPSS Score
0.89%
Published
2006-12-01
Updated
2018-10-17

CVE-2006-5720

SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter.
Max CVSS
7.5
EPSS Score
6.41%
Published
2006-11-04
Updated
2018-10-17

CVE-2006-0805

The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying that pair in the random_num and gfx_check parameters.
Max CVSS
7.5
EPSS Score
3.20%
Published
2006-02-21
Updated
2018-10-18
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close