FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

postnuke -- SQL injection vulnerabilities

Affected packages
postnuke < 0.760

Details

VuXML ID f3eec2b5-8cd8-11d9-8066-000a95bc6fae
Discovery 2005-02-28
Entry 2005-03-04

Two separate SQL injection vulnerabilities have been identified in the PostNuke PHP content management system. An attacker can use this vulnerability to potentially insert executable PHP code into the content management system (to view all files within the PHP scope, for instance). Various other SQL injection vulnerabilities exist, which give attackers the ability to run SQL queries on any tables within the database.

References

CVE Name CVE-2005-0615
CVE Name CVE-2005-0617
Message http://marc.theaimsgroup.com/?l=bugtraq&m=110962710805864
Message http://marc.theaimsgroup.com/?l=bugtraq&m=110962819232255
URL http://news.postnuke.com/Article2669.html