Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1591

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-1591
Last Modified 05 Sep 2008 12:00:00
Published 31 Mar 2008 07:44:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1591

Summary

The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magic_quotes_runtime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, as demonstrated by the CLIENT_IP HTTP header (HTTP_CLIENT_IP variable).

Vulnerable Systems

Application

  • Postnuke 0.764


References

XF - postnuke-index-script-sql-injection(41375)

BID - 28407

MILW0RM - 5292


Last Updated: 27 May 2016 10:47:36