Shodan
Vulnerabilities
Vulnerable Software
Francisco Burzi:  >> Php-Nuke  Security Vulnerabilities
CVE-2004-2294
Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences in the text parameter, which is checked for dangerous sequences before it is canonicalized, leading to a cross-site scripting (XSS) vulnerability.
CVSS Score
4.3
EPSS Score
0.001
Published
2004-12-31
CVE-2004-2295
SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to execute arbitrary SQL commands via the order parameter.
CVSS Score
7.5
EPSS Score
0.006
Published
2004-12-31
CVE-2004-2296
The preview_review function in the Reviews module in PHP-Nuke 6.0 to 7.3, when running on Windows systems, allows remote attackers to obtain sensitive information via an invalid date parameter, which generates an error message.
CVSS Score
5.0
EPSS Score
0.0
Published
2004-12-31
CVE-2004-2297
The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large, out-of-range score parameter.
CVSS Score
5.0
EPSS Score
0.004
Published
2004-12-31
CVE-2004-2354
SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 through 6.9 allows remote attackers to modify SQL statements via the entry parameter to modules.php, which can also facilitate cross-site scripting (XSS) attacks when MySQL errors are triggered.
CVSS Score
6.8
EPSS Score
0.0
Published
2004-12-31
CVE-2004-0265
Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other users via URL-encoded (1) title or (2) fname parameters in the News or Reviews modules.
CVSS Score
6.8
EPSS Score
0.105
Published
2004-11-23
CVE-2004-0266
SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter.
CVSS Score
5.0
EPSS Score
0.0
Published
2004-11-23
CVE-2004-0269
SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module.
CVSS Score
6.4
EPSS Score
0.001
Published
2004-11-23
CVE-2004-0731
Cross-site scripting (XSS) vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary script as other users via the input field.
CVSS Score
6.8
EPSS Score
0.001
Published
2004-07-27
CVE-2004-0732
SQL injection vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to execute arbitrary SQL statements via the instory parameter.
CVSS Score
7.5
EPSS Score
0.0
Published
2004-07-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved