Francisco Burzi » Php-nuke » 7.3 : Security Vulnerabilities, CVEs, (Sql injection)
SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. NOTE: some of these details are obtained from third party information.
Max CVSS
6.8
EPSS Score
0.75%
Published
2008-01-25
Updated
2017-09-29
SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" block is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header (HTTP_REFERER variable).
Max CVSS
6.8
EPSS Score
91.69%
Published
2007-02-22
Updated
2018-10-16
SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter.
Max CVSS
7.5
EPSS Score
55.63%
Published
2007-01-18
Updated
2018-10-16
Multiple SQL injection vulnerabilities in the (1) rate_article and (2) rate_complete functions in modules/News/index.php in the News module in Francisco Burzi PHP-Nuke 7.9 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the sid parameter.
Max CVSS
7.5
EPSS Score
0.89%
Published
2006-12-01
Updated
2018-10-17
SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter.
Max CVSS
7.5
EPSS Score
6.41%
Published
2006-11-04
Updated
2018-10-17
Multiple SQL injection vulnerabilities in the Search module in PHP-Nuke 7.8, and possibly other versions before 7.9 with patch 3.1, allows remote attackers to execute arbitrary SQL commands, as demonstrated via the query parameter in a stories type.
Max CVSS
7.5
EPSS Score
95.18%
Published
2005-11-24
Updated
2018-10-19
SQL injection vulnerability in the Top module for PHP-Nuke 6.x through 7.6 allows remote attackers to execute arbitrary SQL commands via the querylang parameter.
Max CVSS
7.5
EPSS Score
0.25%
Published
2005-05-02
Updated
2016-10-18
7 vulnerabilities found