CVE-2006-6233

3 documents3 sources

Severity

7.5HIGH

EPSS

0.5%

top 34.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Postnuke Software Foundation Postnuke

Timeline

PublishedDec 2

Latest updateMay 1

Description

SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php, but PostNuke 0.764 does not appear to have this issue.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDpostnuke_software_foundation/postnuke10 versions+9

🔴Vulnerability Details

GHSA

GHSA-5xg4-rfhr-c5p6: SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the↗2022-05-01

▶

CVEList

CVE-2006-6233: SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the↗2006-12-02

▶