Lucene search

FreeBSDF3EEC2B5-8CD8-11D9-8066-000A95BC6FAE

HistoryFeb 28, 2005 - 12:00 a.m.

postnuke -- SQL injection vulnerabilities

2005-02-2800:00:00

vuxml.freebsd.org

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.003

Percentile

65.7%

JSON

Two separate SQL injection vulnerabilities have been
identified in the PostNuke PHP content management
system. An attacker can use this vulnerability to
potentially insert executable PHP code into the content
management system (to view all files within the PHP scope,
for instance). Various other SQL injection vulnerabilities
exist, which give attackers the ability to run SQL queries
on any tables within the database.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchpostnuke< 0.760UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	postnuke	< 0.760	UNKNOWN

References

marc.theaimsgroup.com/?l=bugtraq&m=110962710805864

marc.theaimsgroup.com/?l=bugtraq&m=110962819232255

news.postnuke.com/Article2669.html

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.003

Percentile

65.7%

JSON

Related for F3EEC2B5-8CD8-11D9-8066-000A95BC6FAE