SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) timezoneoffset parameter to changeinfo.php in the Your_Account module.
lists.grok.org.uk/pipermail/full-disclosure/2004-April/020154.html
marc.info/?l=bugtraq&m=108256503718978&w=2
news.postnuke.com/Article2580.html
secunia.com/advisories/11386
securitytracker.com/id?1009801
www.osvdb.org/5368
www.osvdb.org/5369
www.securityfocus.com/bid/10146
exchange.xforce.ibmcloud.com/vulnerabilities/15869
exchange.xforce.ibmcloud.com/vulnerabilities/15875