PostNuke NS-Languages Module language Variable SQL Injection

2006-02-19T05:32:43
ID OSVDB:23435
Type osvdb
Reporter OSVDB
Modified 2006-02-19T05:32:43

Description

Solution Description

Upgrade to version .762 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[target]/[path]/admin.php?module=NS-Languages&op=missing&language='SQLINJECTION

References:

Vendor URL: http://www.postnuke.com/
Vendor Specific News/Changelog Entry: http://news.postnuke.com/index.php?name=News&file=article&sid=2754
Secunia Advisory ID: 18937
Related OSVDB ID: 23436
Related OSVDB ID: 23433
Related OSVDB ID: 23434
Other Advisory URL: http://securityreason.com/achievement_securityalert/33
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html
FrSIRT Advisory: ADV-2006-0673
CVE-2006-0801
Bugtraq ID: 16752