Vulnerability Description
SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) the timezoneoffset parameter to changeinfo.php in the Your_Account module.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Postnuke Software Foundation | Postnuke | 0.726 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020154.html (Exploit)
- http://marc.info/?l=bugtraq&m=108256503718978&w=2
- http://news.postnuke.com/Article2580.html (Vendor Advisory)
- http://secunia.com/advisories/11386
- http://securitytracker.com/id?1009801
- http://www.osvdb.org/5368
- http://www.osvdb.org/5369
- http://www.securityfocus.com/bid/10146 (Patch)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15869
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15875
FAQ
What is CVE-2004-1949?
CVE-2004-1949 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) timezoneoffset parameter...
How severe is CVE-2004-1949?
CVE-2004-1949 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2004-1949?
Check the references section above for vendor advisories and patch information. Affected products include: Postnuke Software Foundation Postnuke.