Francisco Burzi : Security Vulnerabilities, CVEs, Published In 2004 (Sql injection)
SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 through 6.9 allows remote attackers to modify SQL statements via the entry parameter to modules.php, which can also facilitate cross-site scripting (XSS) attacks when MySQL errors are triggered.
Max CVSS
6.8
EPSS Score
0.23%
Published
2004-12-31
Updated
2017-07-11
SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to execute arbitrary SQL code via the (1) clipid or (2) catid parameters in a viewclip, viewcat, or voteclip action.
Max CVSS
7.5
EPSS Score
0.25%
Published
2004-04-26
Updated
2017-07-11
SQL injection vulnerability in (1) auth.php and (2) admin.php in PHP-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL code and create an administrator account via base64-encoded SQL in the admin parameter.
Max CVSS
7.5
EPSS Score
0.25%
Published
2004-04-12
Updated
2017-07-11
SQL injection vulnerability in the bblogin function in functions.php in PHP-Nuke 6.x through 7.2 allows remote attackers to bypass authentication and gain access by injecting base64-encoded SQL code into the user parameter.
Max CVSS
7.5
EPSS Score
0.25%
Published
2004-04-13
Updated
2017-07-11
SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to execute arbitrary SQL commands via the eid parameter.
Max CVSS
7.5
EPSS Score
0.23%
Published
2004-12-31
Updated
2017-07-11
Multiple SQL injection vulnerabilities in the Search module in Php-Nuke allow remote attackers to execute arbitrary SQL via the (1) min or (2) categ parameters.
Max CVSS
7.5
EPSS Score
0.15%
Published
2004-07-27
Updated
2017-07-11
SQL injection vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to execute arbitrary SQL statements via the instory parameter.
Max CVSS
7.5
EPSS Score
0.26%
Published
2004-07-27
Updated
2017-07-11
SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module.
Max CVSS
6.4
EPSS Score
0.28%
Published
2004-11-23
Updated
2017-07-11
SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter.
Max CVSS
5.0
EPSS Score
0.37%
Published
2004-11-23
Updated
2017-07-19
9 vulnerabilities found