Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
18 vulnerabilities found for myphpnuke by myphpnuke
FKIE_CVE-2008-4089
Vulnerability from fkie_nvd - Published: 2008-09-15 17:12 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to inject arbitrary web script or HTML via the sid parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:myphpnuke:myphpnuke:*:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3E99ACD7-417D-44B1-8313-6522F01D8505",
"versionEndIncluding": "1.8.8_8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:myphpnuke:myphpnuke:1.8.8_7:*:*:*:*:*:*:*",
"matchCriteriaId": "C837745C-62E4-4770-9FC6-F4299CA780B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:myphpnuke:myphpnuke:1.8.8_8:*:*:*:*:*:*:*",
"matchCriteriaId": "6B135D6D-BBD6-4C5D-BEF0-10C2B2CB74BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to inject arbitrary web script or HTML via the sid parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados en print.php de myPHPNuke (MPN) versiones anteriores a 1.8.8_8rc2 permite a atacantes remotos inyectar web script o HTML a trav\u00e9s del par\u00e1metro sid."
}
],
"id": "CVE-2008-4089",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-09-15T17:12:51.197",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30942"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31112"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31114"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/6338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/6338"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-4088
Vulnerability from fkie_nvd - Published: 2008-09-15 17:12 - Updated: 2025-04-09 00:30
Severity ?
Summary
SQL injection vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:myphpnuke:myphpnuke:*:rc2:*:*:*:*:*:*",
"matchCriteriaId": "34D26AF4-D557-4CC6-8AB5-AFDF295DBA68",
"versionEndIncluding": "1.8.8_8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:myphpnuke:myphpnuke:1.8.8_7:*:*:*:*:*:*:*",
"matchCriteriaId": "C837745C-62E4-4770-9FC6-F4299CA780B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:myphpnuke:myphpnuke:1.8.8_8:*:*:*:*:*:*:*",
"matchCriteriaId": "6B135D6D-BBD6-4C5D-BEF0-10C2B2CB74BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:myphpnuke:myphpnuke:1.8.8_8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F2F8382F-53BE-43F2-8CC9-A00253246EDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en print.php de myPHPNuke (MPN) versiones anteriores a 1.8.8_8rc2 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro sid."
}
],
"id": "CVE-2008-4088",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-15T17:12:51.180",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4255"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30942"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31112"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31114"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45084"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/6338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4255"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/6338"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-4092
Vulnerability from fkie_nvd - Published: 2008-09-15 17:12 - Updated: 2025-04-09 00:30
Severity ?
Summary
SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the artid parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:myphpnuke:myphpnuke:*:rc2:*:*:*:*:*:*",
"matchCriteriaId": "34D26AF4-D557-4CC6-8AB5-AFDF295DBA68",
"versionEndIncluding": "1.8.8_8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:myphpnuke:myphpnuke:1.8.8_7:*:*:*:*:*:*:*",
"matchCriteriaId": "C837745C-62E4-4770-9FC6-F4299CA780B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:myphpnuke:myphpnuke:1.8.8_8:*:*:*:*:*:*:*",
"matchCriteriaId": "6B135D6D-BBD6-4C5D-BEF0-10C2B2CB74BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:myphpnuke:myphpnuke:1.8.8_8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F2F8382F-53BE-43F2-8CC9-A00253246EDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the artid parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en printfeature.php de myPHPNuke (MPN) versiones anteriores a 1.8.8_8rc2 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro artid."
}
],
"id": "CVE-2008-4092",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-15T17:12:51.273",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4261"
},
{
"source": "cve@mitre.org",
"url": "http://websecurity.com.ua/2398/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30959"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2469"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44798"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/6347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4261"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://websecurity.com.ua/2398/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2469"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44798"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/6347"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-0923
Vulnerability from fkie_nvd - Published: 2006-02-28 11:02 - Updated: 2026-04-16 00:27
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in MyPHPNuke (MPN) 1.88 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the letter parameter in reviews.php and (2) the dcategory parameter in download.php.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:myphpnuke:myphpnuke:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F809DD04-571D-429B-B8A1-49FBD4361D9D",
"versionEndIncluding": "1.8.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:myphpnuke:myphpnuke:1.8.8_7:*:*:*:*:*:*:*",
"matchCriteriaId": "C837745C-62E4-4770-9FC6-F4299CA780B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:myphpnuke:myphpnuke:1.8.8_8_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "33F1AE53-725E-4506-AED4-AFD02983466D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in MyPHPNuke (MPN) 1.88 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the letter parameter in reviews.php and (2) the dcategory parameter in download.php."
}
],
"id": "CVE-2006-0923",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-02-28T11:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/19052"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/491"
},
{
"source": "cve@mitre.org",
"url": "http://www.myphpnuke.com/article.php?sid=1035\u0026mode=thread\u0026order=0"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.nukedx.com/?viewdoc=12"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/425983/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/16815"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0750"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24887"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/491"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.myphpnuke.com/article.php?sid=1035\u0026mode=thread\u0026order=0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.nukedx.com/?viewdoc=12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/425983/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/16815"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0750"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24887"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2003-1372
Vulnerability from fkie_nvd - Published: 2003-12-31 05:00 - Updated: 2026-04-16 00:27
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| microsoft | all_windows | * | |
| unix | unix | any_version | |
| myphpnuke | myphpnuke | 1.8.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3AB4B29F-4C60-48A0-8F58-BCBDC58B697E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:unix:unix:any_version:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8C2159-A91B-4599-BDDA-AEC890150B00",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:myphpnuke:myphpnuke:1.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0D673DA6-49A1-425C-8A59-66479784FD73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters."
}
],
"id": "CVE-2003-1372",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2003-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0231.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/8125"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/3931"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/6892"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11376"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0231.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/8125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/3931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/6892"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11376"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2002-1913
Vulnerability from fkie_nvd - Published: 2002-12-31 05:00 - Updated: 2026-04-16 00:27
Severity ?
Summary
phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read arbitrary files via a full pathname in the filnavn variable.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:myphpnuke:myphpnuke:1.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0D673DA6-49A1-425C-8A59-66479784FD73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read arbitrary files via a full pathname in the filnavn variable."
}
],
"id": "CVE-2002-1913",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0225.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/10396.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0225.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/10396.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5982"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2008-4089 (GCVE-0-2008-4089)
Vulnerability from cvelistv5 – Published: 2008-09-15 16:00 – Updated: 2024-08-07 10:00
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to inject arbitrary web script or HTML via the sid parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2008-08-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:42.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31112",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31112"
},
{
"name": "6338",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6338"
},
{
"name": "31114",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31114"
},
{
"name": "30942",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30942"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to inject arbitrary web script or HTML via the sid parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31112",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31112"
},
{
"name": "6338",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6338"
},
{
"name": "31114",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31114"
},
{
"name": "30942",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30942"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to inject arbitrary web script or HTML via the sid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31112",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31112"
},
{
"name": "6338",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6338"
},
{
"name": "31114",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31114"
},
{
"name": "30942",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30942"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4089",
"datePublished": "2008-09-15T16:00:00.000Z",
"dateReserved": "2008-09-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:00:42.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4088 (GCVE-0-2008-4088)
Vulnerability from cvelistv5 – Published: 2008-09-15 16:00 – Updated: 2024-08-07 10:00
VLAI?
Summary
SQL injection vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2008-08-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:42.844Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "myphpnuke-print-sql-injection(45084)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45084"
},
{
"name": "31112",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31112"
},
{
"name": "4255",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4255"
},
{
"name": "6338",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6338"
},
{
"name": "31114",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31114"
},
{
"name": "30942",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30942"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "myphpnuke-print-sql-injection(45084)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45084"
},
{
"name": "31112",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31112"
},
{
"name": "4255",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4255"
},
{
"name": "6338",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6338"
},
{
"name": "31114",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31114"
},
{
"name": "30942",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30942"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "myphpnuke-print-sql-injection(45084)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45084"
},
{
"name": "31112",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31112"
},
{
"name": "4255",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4255"
},
{
"name": "6338",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6338"
},
{
"name": "31114",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31114"
},
{
"name": "30942",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30942"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4088",
"datePublished": "2008-09-15T16:00:00.000Z",
"dateReserved": "2008-09-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:00:42.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4092 (GCVE-0-2008-4092)
Vulnerability from cvelistv5 – Published: 2008-09-15 16:00 – Updated: 2024-08-07 10:00
VLAI?
Summary
SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the artid parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2008-09-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:42.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4261",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4261"
},
{
"name": "ADV-2008-2469",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2469"
},
{
"name": "myphpnuke-printfeature-sql-injection(44798)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44798"
},
{
"name": "6347",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6347"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://websecurity.com.ua/2398/"
},
{
"name": "30959",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30959"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the artid parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4261",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4261"
},
{
"name": "ADV-2008-2469",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2469"
},
{
"name": "myphpnuke-printfeature-sql-injection(44798)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44798"
},
{
"name": "6347",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6347"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://websecurity.com.ua/2398/"
},
{
"name": "30959",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30959"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the artid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4261",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4261"
},
{
"name": "ADV-2008-2469",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2469"
},
{
"name": "myphpnuke-printfeature-sql-injection(44798)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44798"
},
{
"name": "6347",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6347"
},
{
"name": "http://websecurity.com.ua/2398/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/2398/"
},
{
"name": "30959",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30959"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4092",
"datePublished": "2008-09-15T16:00:00.000Z",
"dateReserved": "2008-09-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:00:42.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1372 (GCVE-0-2003-1372)
Vulnerability from cvelistv5 – Published: 2007-10-17 01:00 – Updated: 2024-08-08 02:28
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2003-02-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:28:02.844Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "phpbb-index-sql-injection(11376)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11376"
},
{
"name": "8125",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/8125"
},
{
"name": "6892",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6892"
},
{
"name": "3931",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3931"
},
{
"name": "20030219 myphpnuke xss",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0231.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "phpbb-index-sql-injection(11376)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11376"
},
{
"name": "8125",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/8125"
},
{
"name": "6892",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6892"
},
{
"name": "3931",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3931"
},
{
"name": "20030219 myphpnuke xss",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0231.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpbb-index-sql-injection(11376)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11376"
},
{
"name": "8125",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/8125"
},
{
"name": "6892",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6892"
},
{
"name": "3931",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3931"
},
{
"name": "20030219 myphpnuke xss",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0231.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1372",
"datePublished": "2007-10-17T01:00:00.000Z",
"dateReserved": "2007-10-16T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:28:02.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0923 (GCVE-0-2006-0923)
Vulnerability from cvelistv5 – Published: 2006-02-28 11:00 – Updated: 2024-08-07 16:56
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in MyPHPNuke (MPN) 1.88 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the letter parameter in reviews.php and (2) the dcategory parameter in download.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Date Public ?
2006-02-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:56:15.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "491",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/491"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nukedx.com/?viewdoc=12"
},
{
"name": "myphpnuke-reviews-download-xss(24887)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24887"
},
{
"name": "19052",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19052"
},
{
"name": "16815",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16815"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.myphpnuke.com/article.php?sid=1035\u0026mode=thread\u0026order=0"
},
{
"name": "20060224 Advisory: MyPHPNuke \u003c= 1.8.8 multiple XSS vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/425983/100/0/threaded"
},
{
"name": "ADV-2006-0750",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0750"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in MyPHPNuke (MPN) 1.88 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the letter parameter in reviews.php and (2) the dcategory parameter in download.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "491",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/491"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nukedx.com/?viewdoc=12"
},
{
"name": "myphpnuke-reviews-download-xss(24887)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24887"
},
{
"name": "19052",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19052"
},
{
"name": "16815",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16815"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.myphpnuke.com/article.php?sid=1035\u0026mode=thread\u0026order=0"
},
{
"name": "20060224 Advisory: MyPHPNuke \u003c= 1.8.8 multiple XSS vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/425983/100/0/threaded"
},
{
"name": "ADV-2006-0750",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0750"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in MyPHPNuke (MPN) 1.88 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the letter parameter in reviews.php and (2) the dcategory parameter in download.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "491",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/491"
},
{
"name": "http://www.nukedx.com/?viewdoc=12",
"refsource": "MISC",
"url": "http://www.nukedx.com/?viewdoc=12"
},
{
"name": "myphpnuke-reviews-download-xss(24887)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24887"
},
{
"name": "19052",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19052"
},
{
"name": "16815",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16815"
},
{
"name": "http://www.myphpnuke.com/article.php?sid=1035\u0026mode=thread\u0026order=0",
"refsource": "CONFIRM",
"url": "http://www.myphpnuke.com/article.php?sid=1035\u0026mode=thread\u0026order=0"
},
{
"name": "20060224 Advisory: MyPHPNuke \u003c= 1.8.8 multiple XSS vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425983/100/0/threaded"
},
{
"name": "ADV-2006-0750",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0750"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0923",
"datePublished": "2006-02-28T11:00:00.000Z",
"dateReserved": "2006-02-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:56:15.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1913 (GCVE-0-2002-1913)
Vulnerability from cvelistv5 – Published: 2005-06-28 04:00 – Updated: 2024-09-16 20:46
VLAI?
Summary
phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read arbitrary files via a full pathname in the filnavn variable.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:43:33.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "myphpnuke-phptonuke-view-files(10396)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10396.php"
},
{
"name": "5982",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5982"
},
{
"name": "20021016 phptonuke allows Remote File Retrieving",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0225.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read arbitrary files via a full pathname in the filnavn variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-28T04:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "myphpnuke-phptonuke-view-files(10396)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10396.php"
},
{
"name": "5982",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5982"
},
{
"name": "20021016 phptonuke allows Remote File Retrieving",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0225.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read arbitrary files via a full pathname in the filnavn variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "myphpnuke-phptonuke-view-files(10396)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10396.php"
},
{
"name": "5982",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5982"
},
{
"name": "20021016 phptonuke allows Remote File Retrieving",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0225.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1913",
"datePublished": "2005-06-28T04:00:00.000Z",
"dateReserved": "2005-06-28T04:00:00.000Z",
"dateUpdated": "2024-09-16T20:46:40.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4089 (GCVE-0-2008-4089)
Vulnerability from nvd – Published: 2008-09-15 16:00 – Updated: 2024-08-07 10:00
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to inject arbitrary web script or HTML via the sid parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2008-08-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:42.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31112",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31112"
},
{
"name": "6338",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6338"
},
{
"name": "31114",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31114"
},
{
"name": "30942",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30942"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to inject arbitrary web script or HTML via the sid parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31112",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31112"
},
{
"name": "6338",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6338"
},
{
"name": "31114",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31114"
},
{
"name": "30942",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30942"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to inject arbitrary web script or HTML via the sid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31112",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31112"
},
{
"name": "6338",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6338"
},
{
"name": "31114",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31114"
},
{
"name": "30942",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30942"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4089",
"datePublished": "2008-09-15T16:00:00.000Z",
"dateReserved": "2008-09-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:00:42.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4088 (GCVE-0-2008-4088)
Vulnerability from nvd – Published: 2008-09-15 16:00 – Updated: 2024-08-07 10:00
VLAI?
Summary
SQL injection vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2008-08-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:42.844Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "myphpnuke-print-sql-injection(45084)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45084"
},
{
"name": "31112",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31112"
},
{
"name": "4255",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4255"
},
{
"name": "6338",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6338"
},
{
"name": "31114",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31114"
},
{
"name": "30942",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30942"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "myphpnuke-print-sql-injection(45084)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45084"
},
{
"name": "31112",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31112"
},
{
"name": "4255",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4255"
},
{
"name": "6338",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6338"
},
{
"name": "31114",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31114"
},
{
"name": "30942",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30942"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "myphpnuke-print-sql-injection(45084)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45084"
},
{
"name": "31112",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31112"
},
{
"name": "4255",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4255"
},
{
"name": "6338",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6338"
},
{
"name": "31114",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31114"
},
{
"name": "30942",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30942"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4088",
"datePublished": "2008-09-15T16:00:00.000Z",
"dateReserved": "2008-09-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:00:42.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4092 (GCVE-0-2008-4092)
Vulnerability from nvd – Published: 2008-09-15 16:00 – Updated: 2024-08-07 10:00
VLAI?
Summary
SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the artid parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2008-09-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:42.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4261",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4261"
},
{
"name": "ADV-2008-2469",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2469"
},
{
"name": "myphpnuke-printfeature-sql-injection(44798)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44798"
},
{
"name": "6347",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6347"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://websecurity.com.ua/2398/"
},
{
"name": "30959",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30959"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the artid parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4261",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4261"
},
{
"name": "ADV-2008-2469",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2469"
},
{
"name": "myphpnuke-printfeature-sql-injection(44798)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44798"
},
{
"name": "6347",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6347"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://websecurity.com.ua/2398/"
},
{
"name": "30959",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30959"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the artid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4261",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4261"
},
{
"name": "ADV-2008-2469",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2469"
},
{
"name": "myphpnuke-printfeature-sql-injection(44798)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44798"
},
{
"name": "6347",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6347"
},
{
"name": "http://websecurity.com.ua/2398/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/2398/"
},
{
"name": "30959",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30959"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4092",
"datePublished": "2008-09-15T16:00:00.000Z",
"dateReserved": "2008-09-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:00:42.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0923 (GCVE-0-2006-0923)
Vulnerability from nvd – Published: 2006-02-28 11:00 – Updated: 2024-08-07 16:56
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in MyPHPNuke (MPN) 1.88 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the letter parameter in reviews.php and (2) the dcategory parameter in download.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Date Public ?
2006-02-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:56:15.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "491",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/491"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nukedx.com/?viewdoc=12"
},
{
"name": "myphpnuke-reviews-download-xss(24887)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24887"
},
{
"name": "19052",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19052"
},
{
"name": "16815",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16815"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.myphpnuke.com/article.php?sid=1035\u0026mode=thread\u0026order=0"
},
{
"name": "20060224 Advisory: MyPHPNuke \u003c= 1.8.8 multiple XSS vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/425983/100/0/threaded"
},
{
"name": "ADV-2006-0750",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0750"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in MyPHPNuke (MPN) 1.88 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the letter parameter in reviews.php and (2) the dcategory parameter in download.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "491",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/491"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nukedx.com/?viewdoc=12"
},
{
"name": "myphpnuke-reviews-download-xss(24887)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24887"
},
{
"name": "19052",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19052"
},
{
"name": "16815",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16815"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.myphpnuke.com/article.php?sid=1035\u0026mode=thread\u0026order=0"
},
{
"name": "20060224 Advisory: MyPHPNuke \u003c= 1.8.8 multiple XSS vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/425983/100/0/threaded"
},
{
"name": "ADV-2006-0750",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0750"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in MyPHPNuke (MPN) 1.88 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the letter parameter in reviews.php and (2) the dcategory parameter in download.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "491",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/491"
},
{
"name": "http://www.nukedx.com/?viewdoc=12",
"refsource": "MISC",
"url": "http://www.nukedx.com/?viewdoc=12"
},
{
"name": "myphpnuke-reviews-download-xss(24887)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24887"
},
{
"name": "19052",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19052"
},
{
"name": "16815",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16815"
},
{
"name": "http://www.myphpnuke.com/article.php?sid=1035\u0026mode=thread\u0026order=0",
"refsource": "CONFIRM",
"url": "http://www.myphpnuke.com/article.php?sid=1035\u0026mode=thread\u0026order=0"
},
{
"name": "20060224 Advisory: MyPHPNuke \u003c= 1.8.8 multiple XSS vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425983/100/0/threaded"
},
{
"name": "ADV-2006-0750",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0750"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0923",
"datePublished": "2006-02-28T11:00:00.000Z",
"dateReserved": "2006-02-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:56:15.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1372 (GCVE-0-2003-1372)
Vulnerability from nvd – Published: 2007-10-17 01:00 – Updated: 2024-08-08 02:28
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2003-02-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:28:02.844Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "phpbb-index-sql-injection(11376)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11376"
},
{
"name": "8125",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/8125"
},
{
"name": "6892",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6892"
},
{
"name": "3931",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3931"
},
{
"name": "20030219 myphpnuke xss",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0231.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "phpbb-index-sql-injection(11376)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11376"
},
{
"name": "8125",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/8125"
},
{
"name": "6892",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6892"
},
{
"name": "3931",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3931"
},
{
"name": "20030219 myphpnuke xss",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0231.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpbb-index-sql-injection(11376)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11376"
},
{
"name": "8125",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/8125"
},
{
"name": "6892",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6892"
},
{
"name": "3931",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3931"
},
{
"name": "20030219 myphpnuke xss",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0231.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1372",
"datePublished": "2007-10-17T01:00:00.000Z",
"dateReserved": "2007-10-16T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:28:02.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1913 (GCVE-0-2002-1913)
Vulnerability from nvd – Published: 2005-06-28 04:00 – Updated: 2024-09-16 20:46
VLAI?
Summary
phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read arbitrary files via a full pathname in the filnavn variable.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:43:33.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "myphpnuke-phptonuke-view-files(10396)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10396.php"
},
{
"name": "5982",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5982"
},
{
"name": "20021016 phptonuke allows Remote File Retrieving",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0225.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read arbitrary files via a full pathname in the filnavn variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-28T04:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "myphpnuke-phptonuke-view-files(10396)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10396.php"
},
{
"name": "5982",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5982"
},
{
"name": "20021016 phptonuke allows Remote File Retrieving",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0225.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read arbitrary files via a full pathname in the filnavn variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "myphpnuke-phptonuke-view-files(10396)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10396.php"
},
{
"name": "5982",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5982"
},
{
"name": "20021016 phptonuke allows Remote File Retrieving",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0225.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1913",
"datePublished": "2005-06-28T04:00:00.000Z",
"dateReserved": "2005-06-28T04:00:00.000Z",
"dateUpdated": "2024-09-16T20:46:40.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}