CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
85.7%
SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) timezoneoffset parameter to changeinfo.php in the Your_Account module.
Vendor | Product | Version | CPE |
---|---|---|---|
postnuke_software_foundation | postnuke | 0.726 | cpe:2.3:a:postnuke_software_foundation:postnuke:0.726:*:*:*:*:*:*:* |
lists.grok.org.uk/pipermail/full-disclosure/2004-April/020154.html
marc.info/?l=bugtraq&m=108256503718978&w=2
news.postnuke.com/Article2580.html
secunia.com/advisories/11386
securitytracker.com/id?1009801
www.osvdb.org/5368
www.osvdb.org/5369
www.securityfocus.com/bid/10146
exchange.xforce.ibmcloud.com/vulnerabilities/15869
exchange.xforce.ibmcloud.com/vulnerabilities/15875