Shodan
Vulnerabilities
Vulnerable Software
Francisco Burzi:  Security Vulnerabilities
CVE-2004-1840
Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) screen parameter to modules.php, (2) module_name parameter to title.php, (3) sortby parameter to modules.php, or (4) overview parameter to modules.php.
CVSS Score
4.3
EPSS Score
0.0
Published
2004-03-22
CVE-2004-1830
error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid (1) language, (2) newlang, or (3) lang parameter, which leaks the pathname in a PHP error message.
CVSS Score
5.0
EPSS Score
0.001
Published
2004-03-18
CVE-2004-1817
Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) search field.
CVSS Score
4.3
EPSS Score
0.057
Published
2004-03-15
CVE-2003-1210
Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function.
CVSS Score
7.5
EPSS Score
0.0
Published
2003-12-31
CVE-2003-1400
Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter.
CVSS Score
4.3
EPSS Score
0.001
Published
2003-12-31
CVE-2003-1435
SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module.
CVSS Score
7.5
EPSS Score
0.0
Published
2003-12-31
CVE-2003-1468
The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message.
CVSS Score
4.3
EPSS Score
0.0
Published
2003-12-31
CVE-2003-1526
PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message.
CVSS Score
5.0
EPSS Score
0.0
Published
2003-12-31
CVE-2003-1547
Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter.
CVSS Score
4.3
EPSS Score
0.0
Published
2003-12-31
CVE-2003-0279
Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php.
CVSS Score
2.6
EPSS Score
0.0
Published
2003-06-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved