Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1460

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2001-1460
Last Modified 05 Sep 2008 04:26:37
Published 13 Oct 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1460

Summary

SQL injection vulnerability in article.php in PostNuke 0.62 through 0.64 allows remote attackers to bypass authentication via the user parameter.

Vulnerable Systems

Application

  • Postnuke Software Foundation Postnuke 0.62

  • Postnuke Software Foundation Postnuke 0.63

  • Postnuke Software Foundation Postnuke 0.64


References

CERT-VN - VU#921547

XF - postnuke-getusrinfo-bypass-authentication(7280)

BID - 3435

BUGTRAQ - 20011012 Bug in PostNuke 0.62, 0.63 and 0.64 (and possibly PHPnuke)

BUGTRAQ - 20011013 Bug in PostNuke 0.62, 0.63 and 0.64 (and possibly PHPnuke)


Last Updated: 27 May 2016 10:36:40