汇总 mini-nuke 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
常见弱点模式包括 SQL 注入与输入验证问题,在 软件部署与生产负载 使用场景中可能带来 异常行为与数据泄露 等风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2006-2734 | enter.asp in Mini-Nuke 2.3 and earlier makes it easier for remote attackers to conduct password guessing attacks by setting the guvenlik parameter to the same value as the hidden gguvenlik parameter, which bypasses a verification step because the gguvenlik parameter is assumed to be immutable by the attacker. | [email protected] | 5.0 | 1.54% | 2006-06-01 | 2026-06-16 |
| CVE-2006-2733 | membership.asp in Mini-Nuke 2.3 and earlier uses plaintext security codes, which allows remote attackers to register multiple times via automated scripts. | [email protected] | 5.0 | 1.38% | 2006-06-01 | 2026-06-16 |
| CVE-2006-2732 | SQL injection vulnerability in Your_Account.asp in Mini-Nuke 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) yas_1, (2) yas_2, and (3) yas_3 parameters. | [email protected] | 7.5 | 1.98% | 2006-06-01 | 2026-06-16 |
| CVE-2006-1362 | Multiple SQL injection vulnerabilities in Mini-Nuke CMS System 1.8.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter in (a) members.asp, the (2) catid parameter in (b) articles.asp and (c) programs.asp, and the (3) id parameter in (d) hpages.asp and (e) forum.asp. NOTE: The pages.asp/id vector is already covered by CVE-2006-0870. | [email protected] | 7.5 | 1.21% | 2006-03-23 | 2026-06-16 |
| CVE-2006-0870 | SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: version 2.3 was later reported to be vulnerable as well. | [email protected] | 7.5 | 2.13% | 2006-02-23 | 2026-06-16 |
| CVE-2006-0203 | membership.asp in Mini-Nuke CMS System 1.8.2 and earlier does not verify the old password when changing a password, which allows remote attackers to change the passwords of other members via a lostpassnew action with a modified x parameter. | [email protected] | 5.0 | 2.00% | 2006-01-13 | 2026-06-16 |
| CVE-2006-0199 | SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter. | [email protected] | 7.5 | 1.80% | 2006-01-13 | 2026-06-16 |