CVE-2005-1023

PHP-Nuke 6.x-7.6 - Cross-Site Scripting via Search/FAQ/Encyclopedia Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1023. PoCs published by Janek Vind.

AI-analyzed exploit summary The provided text describes multiple vulnerabilities in PHP-Nuke, including XSS in the 'Faq', 'Encyclopedia', and 'Reviews' modules, SQL injection in the 'Reviews' module, and a DoS vulnerability in the score subsystem. No actual exploit code is present.

Description

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) min parameter to the Search module, (2) the categories parameter to the FAQ module, or (3) the ltr parameter to the Encyclopedia module. NOTE: the bid parameter issue in banners.php is already an item in CVE-2005-1000.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Janek Vind · textwebappsjava
https://www.exploit-db.com/exploits/24190

The provided text describes multiple vulnerabilities in PHP-Nuke, including XSS in the 'Faq', 'Encyclopedia', and 'Reviews' modules, SQL injection in the 'Reviews' module, and a DoS vulnerability in the score subsystem. No actual exploit code is present.

Classification
Writeup 90%
Attack Type
Xss | Sqli | Dos
Complexity
Trivial
Reliability
Theoretical
Target: PHP-Nuke 7.3
No auth needed
Prerequisites: Access to the vulnerable PHP-Nuke instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory x_refsource_misc
http://www.securityreason.com/adv/PHPNuke%206.x-7.6-p1.txt
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111263454308478&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/19952

Scores

EPSS 0.0173
EPSS Percentile 74.6%

Details

Status published
Products (18)
francisco_burzi/php-nuke 6.0
francisco_burzi/php-nuke 6.5
francisco_burzi/php-nuke 6.5_beta1
francisco_burzi/php-nuke 6.5_final
francisco_burzi/php-nuke 6.5_rc1
francisco_burzi/php-nuke 6.5_rc2
francisco_burzi/php-nuke 6.5_rc3
francisco_burzi/php-nuke 6.6
francisco_burzi/php-nuke 6.7
francisco_burzi/php-nuke 6.9
... and 8 more
Published May 02, 2005
Tracked Since Feb 18, 2026