CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
84.8%
ISS X-Force reports:
PostNuke is vulnerable to SQL injection. A remote attacker
could send specially-crafted SQL statements to the admin
section using the hits parameter, which could allow the
attacker to view, add, modify or delete information in the
back-end database.