CVE-2006-5121

Name of the Vulnerable Software and Affected Versions PostNuke version 0.762

Description A SQL injection issue exists in the Admin section of PostNuke, allowing remote attackers to execute arbitrary SQL commands. This is achieved via the hits parameter in the modules/Downloads/admin.php file.

Recommendations For PostNuke version 0.762, avoid using the hits parameter in the affected admin.php file until a fix is available. As a temporary workaround, consider restricting access to the modules/Downloads/admin.php file to minimize the risk of exploitation.