CVE-2004-2751

SQL injection vulnerability in the memberslist module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter...

PostNuke Members_List Module Information Disclosure

The remote host is running PostNuke. It is possible to use the CMS to determine the full path to its installation on the server or the name of the database used, by doing a request like : /modules.php?op=modload&name=MembersList&file=index&letter=All&sortby=foobar An attacker may use these flaws ...