cbcvebase.
CVE-2006-6233
published 2006-12-02

CVE-2006-6233: SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid…

PriorityP433high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
1.10%
61.7th percentile
SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php, but PostNuke 0.764 does not appear to have this issue.

Affected

10 ranges
VendorProductVersion rangeFixed in
postnuke_software_foundationpostnuke
postnuke_software_foundationpostnuke
postnuke_software_foundationpostnuke
postnuke_software_foundationpostnuke
postnuke_software_foundationpostnuke
postnuke_software_foundationpostnuke
postnuke_software_foundationpostnuke
postnuke_software_foundationpostnuke
postnuke_software_foundationpostnuke
postnuke_software_foundationpostnuke
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.