Bilge_Kagan

**Name of the Vulnerable Software and Affected Versions** PostNuke version 0.764 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `sid` parameter in a News article modload action, specifically through the 'modules.php' file. **Recommendations** For PostNuke version 0.764, avoid using the `sid` parameter in the News article modload action until a fix is available. As a temporary workaround, consider restricting access to the 'modules.php' file to minimize the risk of exploitation.