Postnuke@0.726 Security Vulnerabilities and Issues — Postnuke@0.726 CVE List

Lucene search

Postnuke Software FoundationPostnuke0.726

4 matches found

CVE•added 2005/05/10 4:0 a.m.•45 views

CVE-2004-1949

SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) timezoneoffset parameter to changeinfo.php in the Your_Account module.

7.5CVSS8.6AI score0.01887EPSS

CVE•added 2007/11/14 2:0 a.m.•32 views

CVE-2004-2752

Cross-site scripting (XSS) vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle parameter in a viewdownloaddetails action.

4.3CVSS6.1AI score0.00254EPSS

CVE•added 2007/11/14 2:0 a.m.•31 views

CVE-2004-2751

SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter.

6.8CVSS8.9AI score0.00783EPSS

CVE•added 2005/05/10 4:0 a.m.•30 views

CVE-2004-1956

PostNuke 0.7.2.6 allows remote attackers to gain information via a direct HTTP request to files in the (1) includes/blocks directory, (2) pnadodb directory, (3) NS-NewUser module, (4) NS-Your_Account, (5) NS-LostPassword module, or (6) NS-User module which reveals the path to the web server in a PH...

5CVSS7.2AI score0.00457EPSS