CVE-2004-2751SQL Injection in Software Foundation Postnuke

CWE-89SQL Injection3 documents3 sources
Severity
6.8MEDIUMNVD
EPSS
0.8%
top 25.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Postnuke Software Foundation Postnuke
Timeline
PublishedDec 31
Latest updateApr 29

Description

SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDpostnuke_software_foundation/postnuke0.722, 0.723, 0.726+2

Patches

Patch: community.postnuke.comPatch: www.derkeiler.comPatch: community.postnuke.com

🔴Vulnerability Details

2
GHSA
GHSA-r3xr-78mf-93cp: SQL injection vulnerability in the members_list module in PostNuke 02022-04-29
CVEList
CVE-2004-2751: SQL injection vulnerability in the members_list module in PostNuke 02007-11-14
CVE-2004-2751 — SQL Injection | cvebase