Vulnerability Details CVE-2004-2751
SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.7%
CVSS Severity
CVSS v2 Score 6.8
References
- http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0117.html
- http://community.postnuke.com/Article2535.htm
- http://lists.postnuke.com/pipermail/postnuke-security/2004q1/000001.html
- http://securitytracker.com/id?1008629
- http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0015.html
- http://www.gulftech.org/01032004.php
- http://www.osvdb.org/3334
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11500
- http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0117.html
- http://community.postnuke.com/Article2535.htm
- http://lists.postnuke.com/pipermail/postnuke-security/2004q1/000001.html
- http://securitytracker.com/id?1008629
- http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0015.html
- http://www.gulftech.org/01032004.php
- http://www.osvdb.org/3334
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11500
Products affected by CVE-2004-2751
-
cpe:2.3:a:postnuke_software_foundation:postnuke:0.722
-
cpe:2.3:a:postnuke_software_foundation:postnuke:0.723
-
cpe:2.3:a:postnuke_software_foundation:postnuke:0.726