RSS   Podatności dla 'Postnuke'   RSS

2010-05-04
 
CVE-2010-1713

CWE-89
 

 
SQL injection vulnerability in modules.php in PostNuke 0.764 allows remote attackers to execute arbitrary SQL commands via the sid parameter in a News article modload action.

 
2008-03-31
 
CVE-2008-1591

CWE-89
 

 
The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magic_quotes_runtime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, as demonstrated by the CLIENT_IP HTTP header (HTTP_CLIENT_IP variable).

 


Copyright 2024, cxsecurity.com

 

Back to Top