Francisco Burzi: >> Php-Nuke >> 7.0_final Security Vulnerabilities
Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the startdir parameter.
CVSS Score
5.0
EPSS Score
0.001
Published
2004-04-04
MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message.
CVSS Score
5.0
EPSS Score
0.0
Published
2004-03-22
Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) screen parameter to modules.php, (2) module_name parameter to title.php, (3) sortby parameter to modules.php, or (4) overview parameter to modules.php.
CVSS Score
4.3
EPSS Score
0.0
Published
2004-03-22
Page 4