PT-2005-1661 · Postnuke · Postnuke

Cxib8O3 +1 · Published 2005-03-02 · Updated 2016-10-18 · CVE-2005-0615

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PostNuke versions 0.760-RC2

Description

The issue concerns SQL injection vulnerabilities in certain PHP files, specifically index.php, modules.php, and admin.php. These vulnerabilities allow remote attackers to execute arbitrary SQL code by manipulating the catid parameter.

Recommendations

For PostNuke version 0.760-RC2, avoid using the catid parameter in the affected API endpoints until the issue is resolved. Consider restricting access to the vulnerable PHP files, such as index.php, modules.php, and admin.php, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Related identifiers

CVE-2005-0615

Affected products

Postnuke