Francisco Burzi » Php-nuke » 7.2 : Security Vulnerabilities, CVEs, Published In 2006 (Sql injection)
Multiple SQL injection vulnerabilities in the (1) rate_article and (2) rate_complete functions in modules/News/index.php in the News module in Francisco Burzi PHP-Nuke 7.9 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the sid parameter.
Max CVSS
7.5
EPSS Score
0.89%
Published
2006-12-01
Updated
2018-10-17
SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter.
Max CVSS
7.5
EPSS Score
6.41%
Published
2006-11-04
Updated
2018-10-17
2 vulnerabilities found