Shodan
Vulnerabilities
Vulnerable Software
Francisco Burzi:  >> Php-Nuke  >> 8.0_final  Security Vulnerabilities
CVE-2007-6376
Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filename parameter, a different vector than CVE-2006-4190. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Score
7.5
EPSS Score
0.0
Published
2007-12-15
CVE-2004-1912
The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, (4) block-Calendar_center.php scripts in NukeCalendar 1.1.a, as used in PHP-Nuke, allow remote attackers to obtain sensitive information via a URL with an invalid argument, which reveals the full path in an error message.
CVSS Score
5.0
EPSS Score
0.0
Published
2004-12-31
CVE-2004-1913
Cross-site scripting (XSS) vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to inject arbitrary web script or HTML via the eid parameter.
CVSS Score
4.3
EPSS Score
0.0
Published
2004-12-31
CVE-2004-1914
SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to execute arbitrary SQL commands via the eid parameter.
CVSS Score
7.5
EPSS Score
0.0
Published
2004-12-31
CVE-2004-0731
Cross-site scripting (XSS) vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary script as other users via the input field.
CVSS Score
6.8
EPSS Score
0.001
Published
2004-07-27
CVE-2004-0732
SQL injection vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to execute arbitrary SQL statements via the instory parameter.
CVSS Score
7.5
EPSS Score
0.0
Published
2004-07-27
CVE-2004-0736
The search module in Php-Nuke allows remote attackers to gain sensitive information via the (1) "**" or (2) "+" search patterns, which reveals the path in an error message.
CVSS Score
5.0
EPSS Score
0.0
Published
2004-07-27
CVE-2004-0737
Multiple cross-site scripting vulnerabilities in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) max, (3) sel1, (4) sel2, (5) sel3, (6) sel4, (7) sel5, (8) match, (9) mod1, (10) mod2, or (11) mod3 parameters.
CVSS Score
7.5
EPSS Score
0.0
Published
2004-07-27
CVE-2004-0738
Multiple SQL injection vulnerabilities in the Search module in Php-Nuke allow remote attackers to execute arbitrary SQL via the (1) min or (2) categ parameters.
CVSS Score
7.5
EPSS Score
0.0
Published
2004-07-27
CVE-2001-1522
Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via a message.
CVSS Score
4.3
EPSS Score
0.0
Published
2001-12-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved