PT-2006-1850 · Postnuke · Postnuke

Maksymilian Arciemowicz

Published

2006-02-20

Updated

2017-07-20

CVE-2006-0801

CVSS v2.0

5.1

Medium

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PostNuke versions 0.761 and earlier

Description A SQL injection issue exists in the NS-Languages module for PostNuke, allowing remote attackers to execute arbitrary SQL commands when the magic quotes gpc setting is disabled. This is achieved by manipulating the language parameter in the admin.php endpoint.

Recommendations For PostNuke versions 0.761 and earlier, consider disabling the NS-Languages module until a patch is available, or ensure that the magic quotes gpc setting is enabled to mitigate the risk of SQL injection attacks.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-0801

Affected Products

Postnuke

PT-2006-1850 · Postnuke · Postnuke

CVE-2006-0801

Related Identifiers

Affected Products

References · 9