Shodan
Vulnerabilities
Vulnerable Software
Francisco Burzi:  >> Php-Nuke  Security Vulnerabilities
CVE-2004-1988
PHP remote file inclusion vulnerability in init.inc.php in Coppermine Photo Gallery 1.2.0 RC4 allows remote attackers to execute arbitrary PHP code by modifying the CPG_M_DIR to reference a URL on a remote web server that contains functions.inc.php.
CVSS Score
7.5
EPSS Score
0.001
Published
2004-04-30
CVE-2004-1989
PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_box.inc.
CVSS Score
7.5
EPSS Score
0.001
Published
2004-04-30
CVE-2004-1972
SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to execute arbitrary SQL code via the (1) clipid or (2) catid parameters in a viewclip, viewcat, or voteclip action.
CVSS Score
7.5
EPSS Score
0.0
Published
2004-04-26
CVE-2004-1929
SQL injection vulnerability in the bblogin function in functions.php in PHP-Nuke 6.x through 7.2 allows remote attackers to bypass authentication and gain access by injecting base64-encoded SQL code into the user parameter.
CVSS Score
7.5
EPSS Score
0.001
Published
2004-04-13
CVE-2004-1930
Cross-site scripting (XSS) vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie.
CVSS Score
4.3
EPSS Score
0.002
Published
2004-04-12
CVE-2004-1932
SQL injection vulnerability in (1) auth.php and (2) admin.php in PHP-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL code and create an administrator account via base64-encoded SQL in the admin parameter.
CVSS Score
7.5
EPSS Score
0.0
Published
2004-04-12
CVE-2004-1986
Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the startdir parameter.
CVSS Score
5.0
EPSS Score
0.001
Published
2004-04-04
CVE-2004-1839
MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message.
CVSS Score
5.0
EPSS Score
0.0
Published
2004-03-22
CVE-2004-1840
Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) screen parameter to modules.php, (2) module_name parameter to title.php, (3) sortby parameter to modules.php, or (4) overview parameter to modules.php.
CVSS Score
4.3
EPSS Score
0.0
Published
2004-03-22
CVE-2004-1830
error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid (1) language, (2) newlang, or (3) lang parameter, which leaks the pathname in a PHP error message.
CVSS Score
5.0
EPSS Score
0.001
Published
2004-03-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved