SQL injection vulnerability in modules.php in PostNuke 0.764 allows remote attackers to execute arbitrary SQL commands via the sid parameter in a News article modload action.
Max CVSS
7.5
EPSS Score
0.06%
Published
2010-05-04
Updated
2017-08-17
The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magic_quotes_runtime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, as demonstrated by the CLIENT_IP HTTP header (HTTP_CLIENT_IP variable).
Max CVSS
7.5
EPSS Score
0.06%
Published
2008-03-31
Updated
2017-09-29
2 vulnerabilities found