Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2004-1949
Last Modified 05 Sep 2008 04:42:47
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1949

Summary

SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) the timezoneoffset parameter to changeinfo.php in the Your_Account module.

Vulnerable Systems

Application

  • Postnuke Software Foundation Postnuke 0.726


References

BID - 10146

XF - postnuke-changeinfo-sql-injection(15875)

XF - postnuke-indexphp-sql-injection(15869)

OSVDB - 5369

OSVDB - 5368

SECTRACK - 1009801

SECUNIA - 11386

CONFIRM - http://news.postnuke.com/Article2580.html

BUGTRAQ - 20040420 [PNSA 2004-2] PostNuke Security Advisory PNSA 2004-2

FULLDISC - 20040414 [SCAN Associates Sdn Bhd Security Advisory] Postnuke v 0.726 and below SQL injection


Last Updated: 27 May 2016 10:39:14