Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2751

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2004-2751
Last Modified 05 Sep 2008 04:45:01
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-2751

Summary

SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter.

Vulnerable Systems

Application

  • Postnuke Software Foundation Postnuke 0.722

  • Postnuke Software Foundation Postnuke 0.723

  • Postnuke Software Foundation Postnuke 0.726


References

BUGTRAQ - 20040102 PostNuke Issues (0.726 && Possibly Older)

CONFIRM - http://community.postnuke.com/Article2535.htm

XF - postnuke-memberslist-sql-injection(11500)

OSVDB - 3334

SECTRACK - 1008629

VULNWATCH - 20030309 Postnuke v 0.723 SQL injection and directory traversing


Last Updated: 27 May 2016 10:39:37