Shodan
Vulnerabilities
Vulnerable Software
Phpnuke:  Security Vulnerabilities
CVE-2008-1219
SQL injection vulnerability in the Kutub-i Sitte (KutubiSitte) 1.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the kid parameter in a hadisgoster action to modules.php.
CVSS Score
7.5
EPSS Score
0.006
Published
2008-03-10
CVE-2008-1220
SQL injection vulnerability in the 4nChat 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the roomid parameter in an index action to modules.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Score
7.5
EPSS Score
0.003
Published
2008-03-10
CVE-2008-1053
Multiple SQL injection vulnerabilities in the Kose_Yazilari module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the artid parameter in a (1) viewarticle or (2) printpage action to modules.php.
CVSS Score
7.5
EPSS Score
0.003
Published
2008-02-27
CVE-2008-0879
SQL injection vulnerability in modules.php in the Web_Links module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewlink action.
CVSS Score
7.5
EPSS Score
0.01
Published
2008-02-21
CVE-2008-0880
SQL injection vulnerability in modules.php in the EasyContent module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2008-02-21
CVE-2008-0881
SQL injection vulnerability in modules.php in the Okul 1.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the okulid parameter in an okullar action.
CVSS Score
7.5
EPSS Score
0.004
Published
2008-02-21
CVE-2008-0827
SQL injection vulnerability in the Books module of PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVSS Score
7.5
EPSS Score
0.003
Published
2008-02-19
CVE-2007-4212
Multiple cross-site scripting (XSS) vulnerabilities in the Search Module in PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via a trailing "<" instead of a ">" in (1) the onerror attribute of an IMG element, (2) the onload attribute of an IFRAME element, or (3) redirect users to other sites via the META tag.
CVSS Score
4.3
EPSS Score
0.003
Published
2007-08-08
CVE-2007-1519
Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-2006-3948.
CVSS Score
4.3
EPSS Score
0.004
Published
2007-03-20
CVE-2007-1520
The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTP_REFERER, which allows remote attackers to conduct CSRF attacks.
CVSS Score
6.8
EPSS Score
0.005
Published
2007-03-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved