4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to obtain sensitive information via a direct request to displaycategory.php, which reveals the path in an error message.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| warpspeed | 4nalbum_module | 0.92 |
PHP remote file inclusion vulnerability in displaycategory.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary PHP code by modifying the basepath parameter to reference a URL on a remote web server that contains fileFunctions.php.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| warpspeed | 4nalbum_module | 0.92 |
SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to gain privileges or perform unauthorized database operations via the gid parameter.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| warpspeed | 4nalbum_module | 0.92 |
SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 through 6.9 allows remote attackers to modify SQL statements via the entry parameter to modules.php, which can also facilitate cross-site scripting (XSS) attacks when MySQL errors are triggered.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| francisco_burzi | php-nuke | 6.5_final |
| francisco_burzi | php-nuke | 6.5 |
| francisco_burzi | php-nuke | 6.5_beta1 |
| francisco_burzi | php-nuke | 6.6 |
| francisco_burzi | php-nuke | 6.7 |
| francisco_burzi | php-nuke | 6.9 |
| francisco_burzi | php-nuke | 6.5_rc1 |
| francisco_burzi | php-nuke | 6.5_rc3 |
| francisco_burzi | php-nuke | 6.5_rc2 |
| warpspeed | 4nguestbook | 0.92 |
SQL injection vulnerability in modules.php in 4nNukeWare 4nForum 0.91 allows remote attackers to execute arbitrary SQL commands via the tid parameter.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| warpspeed | 4nforum | 0.91 |