Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter.
Max CVSS
4.3
EPSS Score
0.25%
Published
2003-12-31
Updated
2018-10-19
PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message.
Max CVSS
5.0
EPSS Score
0.17%
Published
2003-12-31
Updated
2008-09-05
The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message.
Max CVSS
4.3
EPSS Score
1.03%
Published
2003-12-31
Updated
2017-07-29
SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module.
Max CVSS
7.5
EPSS Score
0.07%
Published
2003-12-31
Updated
2017-07-29
Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter.
Max CVSS
4.3
EPSS Score
0.22%
Published
2003-12-31
Updated
2017-07-29
Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function.
Max CVSS
7.5
EPSS Score
0.23%
Published
2003-12-31
Updated
2017-07-11
Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and earlier allows remote attackers to insert arbitrary web script via the year parameter.
Max CVSS
4.3
EPSS Score
0.12%
Published
2003-06-09
Updated
2016-10-18
7 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!