Pages: [1] 
|
 |
|
 Author
|
Topic: PostNuke SQL Injection and Cross Site Scripting Vulnerabilities (Read 1026 times)
|
|
AlphaWolf
|
FrSIRT Advisory : FrSIRT/ADV-2005-0643 CVE Reference : GENERIC-MAP-NOMATCH Rated as : Moderate Risk Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2005-05-28 * Technical Description * Two vulnerabilities were identified in PostNuke, which may be exploited by malicious users to execute arbitrary SQL commands or conduct cross site scripting attacks. These flaws are due to an input validation error in the "readpmsg.php" script that does not properly filter the "start" parameter, which may be exploited to conduct SQL injection attacks or cause arbitrary scripting code to be executed by the user's browser. * Affected Products * PostNuke version 0.76 RC4 and prior * Solution * Apply the patch PNSA 2005-2 : http://news.postnuke.com/Downloads-index-req-getit-lid-471.html * References * http://www.frsirt.com/english/advisories/2005/0643http://www.securityreason.com/adv/PostNuke_CriticalSQL.asc |
|
|
|
|
Logged
|
|
|
|
|
Pages: [1] 
|
|
|
 |
AlphaOne Technology Support Forums
