Search Results (98 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-0318 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and earlier allows remote attackers to insert arbitrary web script via the year parameter.
CVE-2004-0737 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
Multiple cross-site scripting vulnerabilities in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) max, (3) sel1, (4) sel2, (5) sel3, (6) sel4, (7) sel5, (8) match, (9) mod1, (10) mod2, or (11) mod3 parameters.
CVE-2004-0738 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
Multiple SQL injection vulnerabilities in the Search module in Php-Nuke allow remote attackers to execute arbitrary SQL via the (1) min or (2) categ parameters.
CVE-2004-1830 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid (1) language, (2) newlang, or (3) lang parameter, which leaks the pathname in a PHP error message.
CVE-2004-1839 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message.
CVE-2004-1984 2 Coppermine, Francisco Burzi 2 Coppermine Photo Gallery, Php-nuke 2026-04-16 N/A
Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) phpinfo.php, (2) addpic.php, (3) config.php, (4) db_input.php, (5) displayecard.php, (6) ecard.php, (7) crop.inc.php, which reveal the full path in a PHP error message.
CVE-2004-1987 2 Coppermine, Francisco Burzi 2 Coppermine Photo Gallery, Php-nuke 2026-04-16 N/A
picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to execute arbitrary commands via shell metacharacters in the (1) $CONFIG['impath'] or (2) $CONFIG['jpeg_qual'] parameters.
CVE-2004-1989 2 Coppermine, Francisco Burzi 2 Coppermine Photo Gallery, Php-nuke 2026-04-16 N/A
PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_box.inc.
CVE-2006-0679 1 Francisco Burzi 1 Php-nuke Ev 2026-04-16 N/A
SQL injection vulnerability in index.php in the Your_Account module in PHP-Nuke 7.8 and earlier allows remote attackers to execute arbitrary SQL commands via the username variable (Nickname field).
CVE-2002-0483 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname.
CVE-2001-0320 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote attackers to read arbitrary files and gain PHP administrator privileges by inserting a null character and .. (dot dot) sequences into a malformed username argument.
CVE-2001-0321 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
opendir.php script in PHP-Nuke allows remote attackers to read arbitrary files by specifying the filename as an argument to the requesturl parameter.
CVE-2001-0854 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary files by calling case.filemanager.php with admin.php as an argument, which sets the $PHP_SELF variable and makes it appear that case.filemanager.php is being called by admin.php instead of the user.
CVE-2005-4260 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers; if so, then this should not be treated as a vulnerability in PHP-Nuke.
CVE-2003-1435 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module.
CVE-2003-1468 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message.
CVE-2004-1999 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to inject arbitrary HTML and web script via the (1) ttitle or (2) sid parameters to modules.php.
CVE-2004-1913 2 Francisco Burzi, Shiba-design 2 Php-nuke, Nukecalendar 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to inject arbitrary web script or HTML via the eid parameter.
CVE-2006-0163 1 Francisco Burzi 1 Php-nuke Ev 2026-04-16 N/A
SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by the search field. NOTE: This is a different vulnerability than CVE-2005-3792.
CVE-2004-0736 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
The search module in Php-Nuke allows remote attackers to gain sensitive information via the (1) "**" or (2) "+" search patterns, which reveals the path in an error message.