CVE-2006-6233
published 2006-12-02CVE-2006-6233: SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid…
PriorityP433high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
1.10%
61.7th percentile
SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php, but PostNuke 0.764 does not appear to have this issue.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| postnuke_software_foundation | postnuke | — | — |
| postnuke_software_foundation | postnuke | — | — |
| postnuke_software_foundation | postnuke | — | — |
| postnuke_software_foundation | postnuke | — | — |
| postnuke_software_foundation | postnuke | — | — |
| postnuke_software_foundation | postnuke | — | — |
| postnuke_software_foundation | postnuke | — | — |
| postnuke_software_foundation | postnuke | — | — |
| postnuke_software_foundation | postnuke | — | — |
| postnuke_software_foundation | postnuke | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://securityreason.com/securityalert/1952http://www.securityfocus.com/archive/1/437832/100/200/threadedhttps://exchange.xforce.ibmcloud.com/vulnerabilities/27501http://securityreason.com/securityalert/1952http://www.securityfocus.com/archive/1/437832/100/200/threadedhttps://exchange.xforce.ibmcloud.com/vulnerabilities/27501
2006-12-02
Published