Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1591


Vulnerability Score 7.5 7.5
CVE Id CVE-2008-1591
Last Modified 05 Sep 2008 12:00:00
Published 31 Mar 2008 07:44:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magic_quotes_runtime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, as demonstrated by the CLIENT_IP HTTP header (HTTP_CLIENT_IP variable).

Vulnerable Systems


  • Postnuke 0.764


XF - postnuke-index-script-sql-injection(41375)

BID - 28407

MILW0RM - 5292

Last Updated: 27 May 2016 10:47:36