|
| |||||||
 |
| | LinkBack | Thread Tools | Search this Thread | Display Modes |
25-08-05, 08:24 AM
| |||
| |||
 PostNuke "show" Parameter SQL Injection Vulnerability
A vulnerability has been discovered in PostNuke, which can be exploited by malicious administrative users to conduct SQL injection attacks. Input passed to the "show" parameter in "modules/Downloads/dl-viewdownload.php" is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability has been confirmed in version 0.750 and has also been reported in version 0.760-RC4b. Prior versions may also be affected. Solution: Update to version 0.760. http://news.postnuke.com/Downloads-r...oad-cid-1.html      |
|
| Tags |
| injection, parameter, postnuke, show, sql, vulnerability |
| Thread Tools | Search this Thread |
| Display Modes | |
|
|
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| PHP-Nuke "query" SQL Injection Vulnerability | pkelly | Security Notices | 0 | 16-11-05 04:15 PM |
| Xoops Cross-Site Scripting and SQL Injection Vulnerabilities | niall | Security Notices | 0 | 30-06-05 10:55 AM |
| PostNuke XML-RPC Library PHP Code Execution Vulnerability | niall | Security Notices | 0 | 30-06-05 10:53 AM |
Linear Mode
