FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

postnuke -- admin section SQL injection

Affected packages
postnuke < 0.763

Details

VuXML ID 35f2679f-52d7-11db-8f1a-000a48049292
Discovery 2006-09-29
Entry 2006-10-03
Modified 2007-11-17

ISS X-Force reports:

PostNuke is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the admin section using the hits parameter, which could allow the attacker to view, add, modify or delete information in the back-end database.

[source]

References

Bugtraq ID 20317
CVE Name CVE-2006-5121
URL http://secunia.com/advisories/22197/
URL http://www.securityfocus.com/archive/1/archive/1/447361/100/0/threaded
URL http://xforce.iss.net/xforce/xfdb/29271

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.