5 matches found
PostNuke 0.72x Members_List Module Path Disclosure
No description provided by source. Source: http://www.securityfocus.com/bid/7218/info. Multiple path disclosure vulnerabilities have been reported in various PHP scripts used by PHP-Nuke. The issue occurs when an invalid URI parameter is passed to certain scripts. The affected scripts do not provi...
CVE-2004-2751
PostNuke 0.726 (and possibly earlier) contains an SQL injection in the members_list module, exploitable via the sortby parameter. This allows remote attackers to craft SQL commands to affect the database. The vulnerability is stated for the members_list component, with no additional exploit detai...
CVE-2004-2751
SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter...
PostNuke Members_List Module Information Disclosure
The remote host is running PostNuke. It is possible to use the CMS to determine the full path to its installation on the server or the name of the database used, by making a request like: /modules.php?op=modload&name=Members_List&file=index&letter=All&sortby=foobar An attacker may use these flaws ...
PHP-Nuke 6.0 (& 6.5?) : Serious SQL Injection Security Holes
Information: Language: PHP; Website: http://www.phpnuke.org; Versions: 6.0 & 6.5?; Modules: Members_List, Your_Account; Problem: SQL Injection; PHP Configuration: This will work if magic_quotes_gpc=OFF. PHP Code/Location: /modules/Members_List/index.php :...