← Back

Php Nuke

php-nuke

26 CVEs • 26 products

Products (26)

Click to collapse
Toggle
Sections Module
sections_module
2 CVEs
News Module
news_module
1 CVE
Pool Module
pool_module
1 CVE
Ev
ev
1 CVE
Advanced Classified Module
advanced_classified_module
1 CVE
Inp
inp
1 CVE
Autohtml Module
autohtml_module
1 CVE
Mermaid Module
mermaid_module
1 CVE
Emporium Module
emporium_module
1 CVE
Iframe Module
iframe_module
1 CVE
Eboard Module
eboard_module
1 CVE
Satel Lite
satel_lite
1 CVE
Php Nuke Module Docum
php-nuke_module_docum
1 CVE
Inhalt Module
inhalt_module
1 CVE
Manuales
manuales
1 CVE
Nukec Module
nukec_module
1 CVE
Hadith Module
hadith_module
1 CVE
Zclassifieds
zclassifieds
1 CVE
Kleinanzeigen Module
kleinanzeigen_module
1 CVE
Basis Consultant Book Catalog
basis_consultant_book_catalog
1 CVE
Php Nuke
php-nuke
1 CVE
Downloadsplus Module
downloadsplus_module
1 CVE
League Module
league_module
1 CVE
Downloads Module
downloads_module
1 CVE
Current Issue Module
current_issue_module
1 CVE
Recipe Module
recipe_module
1 CVE

CVEs (26)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2008-7226
1Php Nuke
1Recipe Module
Apr 23, 2026
Sep 14, 2009
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in index.php in the Recipes module 1.3, 1.4, and possibly other versions for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the recipeid parameter.
CVE-2008-6866
1Php Nuke
1Current Issue Module
Apr 23, 2026
Jul 14, 2009
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in modules.php in the Current_Issue module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a summary action.
CVE-2008-6865
1Php Nuke
1Sections Module
Apr 23, 2026
Jul 14, 2009
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in modules.php in the Sectionsnew module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action.
CVE-2009-0302
1Php Nuke
1Downloads Module
Apr 23, 2026
Jan 27, 2009
N/A· v4
N/A· v3
4.6 MEDIUM· v2
SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8.1.0.3.5b and earlier allows remote authenticated users to execute arbitrary SQL commands via the url parameter in the Add operation to modules.php.
CVE-2008-5039
1Php Nuke
1League Module
Apr 23, 2026
Nov 12, 2008
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in the League module for PHP-Nuke, possibly 2.4, allows remote attackers to inject arbitrary web script or HTML via the tid parameter in a team action to modules.php.
CVE-2008-4767
1Php Nuke
1Downloadsplus Module
Apr 23, 2026
Oct 28, 2008
N/A· v4
N/A· v3
9.0 HIGH· v2
Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via...Show more
Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: it is unclear how allowing the upload of .html or .txt files supports arbitrary code execution; this might be legitimate functionality.Show less
CVE-2008-3573
2Php Nuke
Pligg
2Php Nuke
Pligg
Apr 23, 2026
Aug 10, 2008
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francisco Burzi PHP-Nuke 8.1 provides a critical random number (the ts_random value) within the URL in the SRC attribute of an IMG element, which allows remo...Show more
The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francisco Burzi PHP-Nuke 8.1 provides a critical random number (the ts_random value) within the URL in the SRC attribute of an IMG element, which allows remote attackers to pass the CAPTCHA test via a calculation that combines this value with the current date and the HTTP User-Agent string.Show less
CVE-2008-3513
1Php Nuke
1Basis Consultant Book Catalog
Apr 23, 2026
Aug 7, 2008
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in the Book Catalog module 1.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to modules.php.
CVE-2008-3512
1Php Nuke
1Kleinanzeigen Module
Apr 23, 2026
Aug 7, 2008
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in the Kleinanzeigen module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a visit action to modules.php.
CVE-2008-1315
1Php Nuke
1Zclassifieds
Apr 23, 2026
Mar 13, 2008
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in the ZClassifieds module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter to modules.php.
CVE-2008-1298
2Kyantonius
Php Nuke
2Hadith Module
Hadith Module
Apr 23, 2026
Mar 12, 2008
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in Hadith module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter in a viewcat action to modules.php.
CVE-2008-0934
2Nukec
Php Nuke
2Nukec
Nukec Module
Apr 23, 2026
Feb 25, 2008
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in modules.php in the NukeC 2.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action.
CVE-2008-0922
1Php Nuke
1Manuales
Apr 23, 2026
Feb 22, 2008
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in the Manuales 0.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewdownload action to modules.php.
CVE-2008-0907
1Php Nuke
1Inhalt Module
Apr 23, 2026
Feb 22, 2008
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in the Inhalt module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2008-0906
1Php Nuke
1Php Nuke Module Docum
Apr 23, 2026
Feb 22, 2008
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in the Docum module in PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle operation.
CVE-2007-3332
1Php Nuke
1Satel Lite
Apr 23, 2026
Jun 21, 2007
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Directory traversal vulnerability in Satellite.php in Satel Lite for PhpNuke allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the name parameter in a modload action.
CVE-2007-1934
1Php Nuke
1Eboard Module
Apr 23, 2026
Apr 10, 2007
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Directory traversal vulnerability in member.php in the eBoard 1.0.7 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[name] parameter.
CVE-2007-1626
1Php Nuke
1Iframe Module
Apr 23, 2026
Mar 23, 2007
N/A· v4
N/A· v3
9.3 HIGH· v2
PHP remote file inclusion vulnerability in iframe.php in the iFrame Module for PHP-NUKE allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
CVE-2007-1034
1Php Nuke
1Emporium Module
Apr 23, 2026
Feb 21, 2007
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in the category file in modules.php in the Emporium 2.3.0 and earlier module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
CVE-2006-6217
1Php Nuke
1Mermaid Module
Apr 23, 2026
Dec 1, 2006
N/A· v4
N/A· v3
7.5 HIGH· v2
PHP remote file inclusion vulnerability in formdisp.php in the Mermaid 1.2 module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the module_name parameter.